Multiple hospitals divert ambulances after ransomware attack on parent company

Hospitals in several states are facing issues due to a ransomware attack on parent company Ardent Health Services, which confirmed on Monday afternoon that it was responding to an incident.

Ardent, based in Nashville, runs 37 healthcare facilities across the U.S.

Since Thanksgiving, multiple local news outlets have reported that hospitals in their area are dealing with ransomware attacks that forced them to divert ambulances to other facilities and take other actions.

The company initially did not respond to requests for comment. By Sunday, cybersecurity experts began to put the pieces together and surmise that the attacks were connected.

On Monday afternoon, Ardent confirmed that it first began responding to an incident on the morning of November 23.

“The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality. As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs,” the company said.

Ardent said it reported the incident to law enforcement and retained “third-party forensic and threat intelligence advisers.”

The company also has implemented “additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible. At this time, we cannot confirm the extent of any patient health or financial data that has been compromised.”

The company added that the incident has caused “temporary disruption to certain aspects of Ardent’s clinical and financial operations.”

Some facilities are diverting emergency room patients to other hospitals and rescheduling elective and non-emergency procedures, Ardent said.

The company said it does not know how long the restoration of its electronic medical records system will take.

The FBI and the Cybersecurity and Infrastructure Security Agency did not respond to requests for comment.

CNN was first to report on Friday that UT Health East Texas was turning away ambulances. Since then, hospitals in Texas, Idaho, Oklahoma, New Mexico and New Jersey reported problems. Inquiries sent to several other Ardent Health Services hospitals were not answered.

The attack mirrors an incident in August when 16 hospitals run by Prospect Medical Holdings spent weeks recovering from a ransomware attack that caused severe outages at facilities in four states.

Recorded Future — the parent company of The Record — reported at least 19 ransomware attacks on healthcare facilities last month and steep increases in incidents throughout 2023.