Ardent confirms hospitals disrupted over ransomware attack


Several US-based hospitals are struggling with network outages. All affected locations belong to the same healthcare provider, Ardent Health Services. The company confirmed it suffered a disruptive ransomware attack.

At least six healthcare institutions owned by AHS have reported “network outages” over the Thanksgiving weekend. One of the affected hospitals, BSA Health Systems in Amarillo, Texas, had to divert emergency medical services to nearby hospitals.

Other affected AHS-owned institutions include St. Francis Campus of the University of Kansas Health System, Portneuf Medical Center in Idaho, Hillcrest HealthCare System, Lovelace Health System in New Mexico, Pascack Valley Medical Center, and Mountainside Medical Center in New Jersey.

ADVERTISEMENT

Ardent released the company's statement on Monday, admitting it was hit with cybersecurity incident, which "has since been determined to be a ransomware attack." According to the statement, the attack forced the company to take its network online.

"As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs," reads the statement.

Ardent insisted that the disruption is only temporary and will continue to provide hospital, clinical and emergency patients with necessary services.

"In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online," Ardent said.

Who's behind Ardent attack?

Ardent's statement also indicated that attackers encrypted the healthcare provider's data, as the company noted it is working to restore access to "electronic medical records and other clinical systems."

Before Ardent publicly acknowledged the attack, a user on Reddit, claiming to be an employee of one of Ardent’s facilities, said that Ardent was targeted with a ransomware attack, severely impacting the company’s systems. The Redditor claims the attack was carried out by Black Suit ransomware.

However, at the time of writing this article, AHS's name was missing from Black Suit’s dark web blog, where gang affiliates typically post their latest victims.

ADVERTISEMENT

US authorities suspect that Black Suit ransomware is a rebrand of the notorious Royal Ransomware.

Ardent Health Services claims to own 30 hospitals with over 200 sites of care and 1,400 aligned providers. The company reports its team consists of over 23,000 people in several states, including Texas, New Mexico, Oklahoma, New Jersey, Kansas, and Idaho.

Updated on November 28 [08:00 AM GMT] with a statement from Ardent.