Ransomware attack at Ardent Health Services disrupts operations in multiple states | #ransomware | #cybercrime

This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • Ardent Health Services is diverting emergency care to nearby facilities in multiple states after a cyberattack forced the hospital operator to take its systems offline over the Thanksgiving holiday.
  • Ardent, which runs roughly 30 hospitals and 200 other care sites in six states, learned of the ransomware attack on Nov. 23, and moved to suspend access to its IT systems, including its corporate servers and Epic electronic health record, according to a Monday incident report.
  • The Nashville-based company doesn’t have a firm timeline for returning to normal operations, and can’t yet confirm what patient data may have been exposed. 

Dive Insight: 

Healthcare data breaches have been on the rise for the past decade, exposing hundreds of millions of patient records since 2010, according to federal records. As providers and other healthcare companies adopt more digital tools, criminals also have more opportunities to exploit the sector.

Ardent operates facilities in Oklahoma, Texas, New Jersey, New Mexico, Idaho and Kansas. Facilities in at least four of those states have been compromised by the cyberattack, including UT Health in TexasLovelace Health in New MexicoHillcrest HealthCare in Oklahoma and a hospital in Montclair, New Jersey

“In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online,” Ardent said in its release.

Ransomware, where cybercriminals demand payment in exchange for restored access to sensitive information, poses a critical threat to care delivery and public health.

The attacks can disrupt hospital operations, reducing access to care and potentially putting lives at risk. About one in four providers reported a rise in mortality rates following a ransomware attack, according to a Ponemon Institute survey in 2021.

A ransomware attack on Prospect Medical Holdings, which operates 16 hospitals in several states, forced one of its facilities in Connecticut to divert patients for more than two weeks earlier this year, according to reporting by the Connecticut Mirror. More than 342,000 patients’ health information was exposed in the attack, according to a federal disclosure.

Ransomware threats to U.S. healthcare organizations are also expensive. The attacks cost the economy around $77.5 billion in downtime since 2016, according to an analysis by cybersecurity research firm Comparitech. 

Facility downtime varied by incident, but healthcare organizations lost on average 14 days following a ransomware attack, Comparitech found.

Source link

National Cyber Security