Pierluigi Paganini November 28, 2023

The US Healthcare provider Ardent Health Services disclosed that it was the victim of a ransomware attack last week.

Ardent Health Services is a healthcare company that operates hospitals and other medical facilities in the United States. It is a for-profit health system with a focus on acquiring, managing, and improving hospitals. Ardent Health Services is known for providing a range of healthcare services, including acute care, specialty care, and community health services.

Through its subsidiaries, Ardent owns and operates 30 hospitals and 200+ sites of care with more than 1,400 aligned providers in six states.

The healthcare provider disclosed that it has suffered a ransomware attack on November 23.

In response to the incident, the company took its network offline and suspended all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs.

Ardent Health Services notified law enforcement and launched an investigation into the incident with the help of external forensic experts.

“Ardent Health Services and its affiliated entities (“Ardent”) became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack.” reads the notice of security incident published by the company. “The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality.”

Ardent announced it has also implemented additional information technology security protocols and is working with third-party experts to restore its operations. The investigation is still ongoing and the healthcare firm has yet to determine the extent of the security breach.

Impacted hospitals are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals.

However, all Ardent hospitals are continuing to provide a medical screening exam and stabilizing care to any patients arriving at our Emergency Departments.

At this time we have no other details about the ransomware attack or the malware family the was employed in the attack.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Ardent)