Ransomware Attack Prompts US Hospitals To Relocate Patients

A ransomware attack on Ardent Health Systems, a healthcare chain in charge of operating 30 hospitals across 6 states, has been forced to divert patients from some of the emergency rooms and postpone elective procedures due to a ransomware attack on November 23.

This prompted Ardent to take its network offline; denying access to users on crucial information technology applications such as those for patient care documentation. By Tuesday afternoon, fifteen out of the twenty five emergency rooms of Ardent had lifted their “divert” status which directed emergency cases to other nearby facilities.

At this stage, the company revealed that it was unable to confirm the magnitude of compromised patient health or financial information. In this regard, Ardent has taken some steps including reporting the incident to law enforcement, hiring third-party forensic and threat intelligence advisers, as well as collaborating with cybersecurity specialists to restore IT functions.

Ardent, a hospital management company based in Brentwood, Tennessee, operates hospitals and care sites in Oklahoma, Texas, New Jersey, New Mexico, Idaho, and Kansas. The company has assured that it will see that every hospital continues conducting medical screens and stabilizing care to people who come to emergency rooms.

Emergency services have not been spared, and ordinary healthcare access by people like William Spell from Amarillo, Texas. Spell and his mother, suffering from flu-like symptoms, were unable to book a doctor’s appointment through an online patient portal, due to the cyber attack, so they needed to find other options.

Some patients who need emergency care have continued to be diverted in hospitals within Ardent’s Lovelace Health System in Albuquerque, New Mexico, while some in Topeka, Kansas, including the University of Kansas Health System-St. Francis, are on divert status.

Ransomware criminals targeting healthcare providers as part of a growing trend, whereby an attack against Ardent Health Services is one of the examples. According to analyst Allan Liska from the cybersecurity firm Recorded Future, this trend is on the rise. Even though healthcare providers decide not to pay ransoms, the patient’s data might still be sold by ransomware groups.

Dr. Christian Dameff, co-director of the Center for Healthcare Cybersecurity at the University of California, San Diego, notes that such attacks on hospitals result in a “cyber blast radius” that involves patient care and hospital operations in nearby hospitals.

The study, conducted by cybersecurity firm Sophos, has confirmed that healthcare organizations in about two thirds of all countries were exposed to ransomware attacks for the year ending March. The attacks mostly target stolen data from victims, forcing them to pay ransoms so as to prevent the release of the secret information to the public.

Given that the healthcare sector is facing these challenges, there is a need to take into account the widespread consequences of cyber threats on patient care, data security, and the robustness of healthcare systems.