A cyber attack has disrupted the operations of Ardent Health Services, a Tennessee-based healthcare provider with a significant presence across multiple states. The company, which manages numerous hospitals and healthcare facilities, revealed on Monday that it fell victim to a ransomware attack, prompting the diversion of patients and the rescheduling of procedures.
In an official statement released on its website, Ardent Health Services disclosed that it first became aware of the cybersecurity incident on Thursday morning. Following the discovery, the organization took a proactive approach by immediately taking its network offline. This suspension included all user access to various information technology applications, such as corporate servers, Epic software, internet services, and clinical programs.
Ardent, headquartered in Brentwood and overseeing 30 hospitals and over 200 healthcare sites across Texas, Oklahoma, Kansas, Idaho, New Mexico, and New Jersey, reported the incident to law enforcement and enlisted the expertise of third-party forensic and threat intelligence advisers.
The healthcare provider emphasized its commitment to addressing the situation promptly, implementing additional security protocols, and actively working to restore its IT operations. Despite the temporary disruption to certain aspects of Ardent’s clinical and financial operations, the organization assured the public that patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics.
However, acknowledging the impact of the incident, Ardent Health Services said that some facilities are rescheduling non-emergent, elective procedures and redirecting certain emergency room patients to alternative hospitals until their systems are fully operational.
The restoration process for access to electronic medical records and other clinical systems is currently underway. Ardent clarified that it is still in the process of determining the full extent of the event, making it too early to ascertain the duration of the recovery efforts or identify the specific data that may have been compromised. As of now, the organization cannot confirm the extent of any compromise to patient health or financial data.