Ransomware Attacks on Health Services, ER Patient Diversions Becoming More Common

by | Dec 6, 2023

News of patients being diverted from emergency rooms due to ransomware attacks is unfortunately becoming more common, with the latest incident taking place across six US states. Ardent Health Services is the latest victim, with 25 emergency rooms out of its network of 30 hospitals impacted in the final week of November.

In addition to disrupting ER capability for at least several days, the ransomware attack (which has not yet been claimed or attributed) shut down the online patient portal used to schedule and check appointments, as well as the health network’s video telehealth capability. Ardent Health Services posted a breach notification on its website on November 27, but the server appears to still be struggling with slow load times and spotty outages.

Ardent ransomware attack hits 30 hospitals across six states

Ardent Health Services has a presence in six states: Idaho, Kansas, New Jersey, New Mexico, Oklahoma and Texas. In addition to the 30 main hospitals it operates, it has 200 additional care facilities and numerous providers in its extended network.

The incident adds to a growing string of ransomware attacks on health services, and a growing frequency of these attacks disrupting patient care and emergency rooms in some way. Hospitals are seen as both a relatively easy target that cannot afford downtime, and a rich source of extremely valuable personal information to steal. A handful of ransomware groups have declared that health services have a “non-combatant” status, but some have reversed course on this after initially promising not to attack them; hospitals now have to assume that any ransomware group that finds an opening will attack them without mercy.

There have already been several ransomware attacks in the US this year that were bad enough to force patient diversions for at least a couple of days. Miraculously, there have not been any deaths or serious complications linked to these incidents, a testament to the on-the-ground staff that are responding quickly by printing out vital paper records and shifting to older systems of treatment and record-keeping as systems are restored.

As is often the case in cyber defense, budget is usually the central problem for health services. It is not the best-funded industry to begin with, and IT and cybersecurity are usually somewhere on the short end of the stick when money is divvied up. The likelihood of high stress and low pay makes it a hard sell to a cybersecurity workforce that can very much afford to be picky.

Ardent Health Services breach notification hard to access as website struggles to load

Ardent Health Services published a data breach notification on November 27, but accessing it is still somewhat iffy as the company’s public-facing website seems to continue to have loading issues.

Patient diversion was obviously the most serious issue, and this began shortly after the attack on November 23. About half of the emergency rooms reported restoring capacity to take in patients by the next day, and the company has confirmed that all can now at least provide stabilizing care, but availability of individual services remains spotty.

In addition to emergency room troubles, Ardent Health Services reported that its “On-Demand Video Visits” service used for home-based telemedicine is down for an extended period. The MyChart patient portal used for appointments also appears to down as part of the organization’s general website troubles.

Recent Posts

How can we help?

14 + 8 =

× How can I help you?