Editor's Note: This story has been updated with information from Ardent Health Services about the status of its recovery efforts.
Thursday, December 7
Ardent Health Services, a company that operates 30 hospitals, restored access to Epic, its electronic medical record system, and other core clinical and business systems two weeks after it was hit with a ransomware attack.
In an updated statement posted on its website on Dec. 6, the company said it is "working around the clock" to bring its remaining systems back online "as quickly and safely as possible."
"We continue to care for patients in our hospitals, emergency rooms and clinics. At this time, our emergency rooms are accepting patients by ambulance and our clinics have resumed operations. Some non-emergent procedures remain paused while we work to bring additional systems back online," the company said.
On Thanksgiving, the Nashville-based company became aware of an information technology cybersecurity incident, which has since been determined to be a ransomware attack.
The company owns and operates 30 hospitals and more than 200 sites of care with more than 1,300 aligned providers in six states, primarily in Texas, Oklahoma and New Mexico. The company also owns or partially owns one hospital in Kansas, one in Idaho and two in New Jersey.
Thursday, November 30
Hospitals across multiple states have reopened their emergency rooms but continue to face disruptions after parent company Ardent Health Services was hit by a ransomware attack a week ago.
As of Thursday, the company had not yet restored all IT functions.
In a statement posted to its website Thursday, the company said, "We are working around the clock to bring systems back online as quickly and safely as possible, but our restoration and investigative work will take some time to complete. At this time, we do not have a timeline for full restoration."
Ardent Health said all of its 25 emergency rooms are accepting patients by ambulance. "In some cases, we continue to ask local EMS services to transport patients in need of certain emergency care, such as stroke or trauma care, to other area ERs. All hospitals continue to provide a medical screening exam and stabilizing care to any patients arriving at our ERs," the company said.
The vast majority of Ardent Health's clinics have resumed operations. "Out of an abundance of caution, some non-emergent procedures have been temporarily paused while we work to bring systems back online. Our teams are working directly with any patient whose appointment or procedure will need to be rescheduled. We understand the frustration this has caused and sincerely regret any inconvenience to our patients," the company said.
On Thanksgiving, Nashville-based Ardent Health Services became aware of an information technology cybersecurity incident, which has since been determined to be a ransomware attack, the company wrote in a statement posted to its website Monday.
The company owns and operates 30 hospitals and more than 200 sites of care with more than 1,300 aligned providers in six states, primarily in Texas, Oklahoma and New Mexico. The company also owns or partially owns one hospital in Kansas, one in Idaho and two in New Jersey.
The company has not posted an update to its website since Monday and did not respond to a request for comment from Fierce Healthcare.
The company said Monday that it "proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs."
The company said Monday that some of its facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online. Divert status means hospitals have asked ambulances to take people needing emergency care to other nearby facilities.
In New Mexico, five hospitals part of the Lovelace Health System were moved off divert status as of Thursday, according to a health system spokesperson.
Due to the cybersecurity incident, some non-emergent procedures have been temporarily paused while the hospitals work to bring systems back online, the spokesperson said.
"These decisions are being made in partnership with physicians and are based on a number of considerations. Our teams are working with any patient whose appointment or procedure will need to be rescheduled. We understand the inconvenience and frustration this has caused those patients," the health system representative said Thursday. "Patient care continues to be delivered safely and effectively in our hospitals, emergency rooms and clinics."
Another nearby health system, UNM Health, issued a statement that its Hospital Incident Management Team met over the Thanksgiving holiday weekend to put a surge plan in place for anticipated higher-than-usual patient care demands.
"We thank our UNM Hospital teams for the extra work to care for our patients and helping support our broader community health care needs," the health system said in its statement, as reported by KOB4 in Albuquerque.
In Texas, the UT Health East Texas system operates 10 hospitals that also were impacted by the cyberattack and have moved off divert status, a spokesperson confirmed to Fierce Healthcare. Ardent operates UT Health East Texas through a joint venture with The University of Texas System.
But the health system's IT network and electronic health record systems are still down.
"Teams are working around the clock to bring our systems back online and to establish a timeline for returning all applications to fully operational. At this time, we do not have a firm timeline for restoring full access," the health system representative said.
Another Texas-based system in Ardent's network, BSA Health System told local media that hospitals are no longer diverting ambulances and are accepting all patients while teams continue to work to resolve the IT issue.
In Oklahoma, Hillcrest HealthCare System, also owned by Ardent Health, told local media outlets Wednesday that all of its hospitals are now off the emergency divert status.
Two hospitals in New Jersey, Hackensack Meridian Mountainside Medical Center and Hackensack Meridian Pascack Valley Medical Center, also have reopened their emergency rooms.
In many cities where hospitals were impacted, other hospitals located nearby said they had increased staffing to handle growing patient demand
Ardent said Monday it reported the event to law enforcement and retained third-party forensic and threat intelligence advisors. The hospital operator also is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible.
Ardent said it "cannot confirm the extent of any patient health or financial data that has been compromised."
Patients in multiple states are feeling the fallout from the disruption to operations, according to media reports. Patients have reported being unable to refill prescriptions, make appointments online or had their procedures rescheduled or postponed.
A recent survey from cybersecurity firm Sophos found that the rate of ransomware attacks in healthcare has decreased from 66% to 60% year over year. But despite the downward trend, the rate of attacks in 2023 is almost double the rate reported in 2021, when 34% of healthcare organizations reported being hit by ransomware.
FBI’s Internet Crime Complaint Center (IC3) issued a report in March on cyberattacks and breaches. The FBI received 870 reports of ransomware attacks aimed at organizations belonging to 16 critical infrastructure sectors. The healthcare sector topped the list with 210 reports of ransomware attacks.