Ransomware attack disrupts multiple US hospital ERs

US healthcare provider Ardent Health Services is facing disruption to clinical and financial operations at six locations following a ransomware attack. Ardent Health Services and its affiliated entities (Ardent) became aware of a cybersecurity incident on the morning of November 23, according to a statement published this week.

Ardent’s IT team immediately began working to understand the event, safeguard data and regain functionality, taking its network offline, it said. This suspended all user access to its IT applications including corporate servers, Epic software, internet and clinical programs.

Some Ardent hospitals are currently operating on divert, which means they are asking local ambulance services to transport patients in need of emergency care to other area hospitals. “This ensures critically ill patients have immediate access to the most appropriate level of care,” read the statement. Meanwhile, some non-emergent, elective procedures are being rescheduled until systems are back online, it added.

Ardent did not specify the extent of any compromised patient health or financial data, although it has reported the event to law enforcement and retained third-party forensic and threat intelligence advisors.

Ardent working with cyber security specialists to restore operations

Ardent said it has implemented additional IT security protocols and is working with specialist cyber security partners to restore its operations and capabilities as quickly as possible. “In the interim, while this incident results in temporary disruption to certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms and clinics,” it said.

The investigation and restoration of access to electronic medical records and other clinical systems is ongoing. “Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.”

Commenting on the breach, Jess Parnell, CISO of cyber security firm Centripetal, said that threat actors are constantly probing and doing reconnaissance to enhance attacks, quickly changing their tactics to increase their success rate. “That’s why organizations run out of human runway quickly and it’s why their infrastructure is quickly overloaded. Even with all the spending on cyber security that we see, the only thing that organizations know for sure is that their exposure to cyber risk is only going up and up and up.”

Healthcare industry a prime target for cyber attacks

The healthcare sector is a prime target for cyber attacks due to the sheer volume of sensitive information typically stored on the systems of healthcare providers and organizations, with the frequency and severity of attacks against the healthcare sector increasing in recent years.

Earlier this month, healthcare delivery system McLaren Health Care notified around 2.2 million individuals that their personal information was compromised in a data breach that exposed Social Security numbers, health insurance information, prescription/medication information and diagnostic and treatment information.

US-based healthcare company HCA Healthcare recently suffered a data breach impacting 11 million patients, while almost one million people were affected by a ransomware attack on New York-based healthcare billing company Practice Resources (PRL) last year.