Rewterz Threat Update – Ardent Health Services Faces Ransomware Crisis: 30 Hospitals Across Six States Disrupted

Severity

High

Analysis Summary

Ardent Health Services, a major healthcare provider operating 30 hospitals across six U.S. states, faced a ransomware attack on November 23, 2023. Following the incident, the organization took swift action by shutting down its entire network and notifying law enforcement. 

The healthcare organization issued a notice saying, “The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality.”

Cybersecurity experts were enlisted to investigate the attack’s scope and impact. The fallout from the attack has led to the suspension of user access to essential IT applications, including corporate servers and clinical programs. Affected hospitals are diverting emergency care patients to alternative facilities, with emergency rooms providing critical services. While patient care services in Ardent’s clinics remain active, certain non-urgent elective surgeries have been temporarily halted as the organization works to restore encrypted systems.

“As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs,” they mentioned

Ardent is actively communicating with affected individuals, notifying them of any necessary rescheduling of appointments or procedures. The extent of potential data breaches, encompassing patient health and financial information, has yet to be confirmed. The healthcare provider is implementing heightened information technology security measures and collaborating with cybersecurity specialists to expedite the restoration of IT operations and capabilities. The investigation into the incident and the restoration of access to electronic medical records and clinical systems are ongoing. With a workforce of 23,000 employees, Ardent oversees operations in Texas, Oklahoma, New Mexico, Kansas, New Jersey, and Idaho, collaborating with over 1,400 affiliated healthcare providers. Despite efforts to reinstate access, Ardent cannot provide a definitive timeline for the restoration process, underscoring the evolving challenges posed by ransomware attacks on critical healthcare infrastructure.

Impact

• Financial and Reputational Impact
• Operational Disruption

Remediation

• Maintain cyber hygiene by updating your anti-virus software and implementing a patch management lifecycle.
• Maintain Offline Backups – In a ransomware attack, the adversary will often delete or encrypt backups if they have access to them. That’s why it’s important to keep offline (preferably off-site), encrypted backups of data and test them regularly.
• Never trust or open links and attachments received from unknown sources/senders.
• Enable antivirus and anti-malware software and update signature definitions in a timely manner. Using a multi-layered protection is necessary to secure vulnerable assets.
• Develop and regularly update an incident response plan that outlines specific steps to be taken in the event of a cybersecurity incident, including a ransomware attack.
• Strengthen network security through the use of firewalls, intrusion detection/prevention systems, and advanced endpoint protection.
• Implement multi-factor authentication for accessing critical systems and sensitive information. 
• Conduct regular security audits and assessments to identify vulnerabilities in the IT infrastructure.
• Implement continuous monitoring of network traffic and system logs to detect and respond to unusual activities promptly.