Share this article on:
Emergency rooms across the US have been shut down following a cyber attack, forcing hospitals to reschedule elective surgeries and redirect ambulances.
Leading US healthcare provider Ardent Health Services, which is responsible for 30 hospitals and over 200 “sites of care”, confirmed that it was the victim of a ransomware attack on Thanksgiving.
“The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality,” said the healthcare organisation.
“As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs.”
The cyber attack reportedly took down the hospitals’ ability to access patient healthcare records and took the network offline.
At this stage of its investigation, Ardent has said it is unable to confirm the extent to which the threat actors accessed its systems, nor whether any patient health or financial data has been compromised.
It has also said that in an effort to mitigate further damage, affected Ardent hospitals, Lovelace Health (New Mexico), UT Health (Texas) and Hillcrest Healthcare (Oklahoma), it is diverting emergency room patients to other hospitals and rescheduling some elective surgeries.
“Safely caring for patients remains Ardent’s highest priority, and we continue to provide care in our hospitals, clinics and emergency rooms. Some non-emergent, elective procedures are being rescheduled,” it added.
“Additionally, some of Ardent’s hospitals are currently operating on divert, which means hospitals are asking local ambulance services to transport patients in need of emergency care to other area hospitals. This ensures critically ill patients have immediate access to the most appropriate level of care.”
Patients arriving at affected hospitals in need of emergency care will still be met by a team who will stabilise them and perform a medical screening exam.
Ardent is unsure whether its emergency rooms will return to normal operations but said that it is “working around the clock” to bounce back.
As part of this, the healthcare organisation has informed law enforcement agencies and third-party cyber experts. It has also bolstered its security protocols.
At this stage, it is currently unknown who was behind the attack, nor what the ransomware demands are or whether Ardent is looking to negotiate or pay them.
Healthcare organisations are a lucrative target for threat actors due to the serious consequences of not adhering to ransomware demands.
While in most cases, governments and private companies support not paying ransom as it fuels cyber criminal organisations and provides them with funding, healthcare organisations like Ardent face the unique issue of juggling not rewarding cyber criminals and ensuring that the health of their patients is not compromised.
A threat actor who locks down a hospital, such as in the case of Ardent, by disabling emergency rooms has made the attack a life-or-death situation, meaning paying a ransom may be the fastest way to return things to normal and prevent harm.
The Australian government has said that paying ransom will become illegal one day, but not for at least two years to allow time for the specifics of the legislation to be planned.
Australia has also suffered its fair share of attacks on healthcare organisations, the most prevalent of which was the Medibank hack in October last year, affecting 9.7 million people.