Hospitals in at least four US states had to divert patients from their emergency rooms after a healthcare company was hit by a ransomware attack.
Ardent Health, a hospital operator overseeing 30 medical facilities across the United States, has confirmed the ransomware incident. The attack, which took place over the Thanksgiving weekend, had disrupted a substantial portion of its computerized services impacting hospital chains.
Emergency rooms in these facilities have been compelled to transfer patients to other hospitals to ensure continued healthcare provision.
“Ardent … became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack. The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality. As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs,” Ardent Health’s press release said.
In response to the breach, Ardent Health promptly reported the incident to law enforcement agencies and engaged the services of third-party experts. The company is actively working to assess the extent of the damage, identify the culprits behind the cyberattack, and implement measures to restore normal operations.
“At this time, we cannot confirm the extent of any patient health or financial data that has been compromised,” the company added.
A nurse working at one of the impacted New Jersey hospitals told CNN that staff rushed “to print out as much patient information as we could” as it became clear that the hospital was shutting down networks because of the hacking incident.
Chiara Marababol, a spokesperson for two New Jersey hospitals – Mountainside Medical Center and Pascack Valley Medical Center – affected by the hack, said the hospitals continue to care for patients in emergency rooms.
“[H]owever, we have asked our local EMS systems to temporarily divert patients in need of emergency care to other area facilities while we address our system issues,” Marababol told CNN.
It’s not clear what ransomware group is responsible for the cyberattack.