Hospitals in at least three states are diverting patients from their emergency rooms after a major cyberattack hit their parent company last week.
Ardent Health Services, which oversees 30 hospitals across the U.S., said Monday that it had been the victim of a severe ransomware attack in Oklahoma, News Mexico and Texas, forcing it to take action.
“In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online,” the company said in a news release.
Spokespeople at three Ardent-owned hospital chains across the U.S. — Hillcrest HealthCare System in Oklahoma, Lovelace Health System in New Mexico, and UT Health in Texas — each told NBC News Monday that at least some of their emergency rooms were diverting patients to other hospitals while the company tries to fix the damage from the attack.
Ardent said it had shut down a significant number of its computerized services, including clinical programs and its use of Epic Systems, a program that tracks patients’ health care records.
Ransomware is a type of criminal cyberattack where hackers gain access to a company’s computer networks, install malicious software that encrypts as many systems as possible, and demand an often hefty ransom payment for a promise to fix the damage. The FBI has repeatedly asked ransomware victims to not pay their attackers, both because there’s no guarantee they will provide a viable fix and because it fuels more attacks.
The hospitals’ problems have been ongoing since Thanksgiving Day, when the ransomware attack began, Ardent said. It’s common for ransomware hackers to wait until a major holiday or long weekend before attacking, in hopes that there will be fewer security employees working.
Hackers have consistently targeted hospital chains ever since ransomware became a major cybercrime trend in 2019. In at least one instance, a crippling ransomware attack was a major factor in a struggling rural U.S. hospital’s decision to close down.
Brett Callow, an analyst at the cybersecurity company Emsisoft, said there have been at least 35 ransomware attacks on U.S. health care providers this year — with Ardent being the largest victim.
To date, there are no known cases in which a ransomware attack on a health care facility has been proven to lead to a patient’s death. Several studies have shown, however, that there is a strong correlation between ransomware attacks on hospitals and increased mortality rates.
Kevin Collier
Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.
News Related-
Honor aims for an IPO as Huawei spin-off looks to cement position as China’s leading smartphone maker
-
Xi Jinping champions digital trade as China kicks off global e-commerce expo to further Silk Road ambitions
-
Binance US guilty plea complicates Hong Kong affiliate’s crypto licence application
-
ByteDance adds AI assistant to office tool Feishu, joining rivals Tencent and Alibaba in workplace chatbot race
-
Small Kentucky town urged to evacuate after train derails, spilling chemical
-
Crypto exchange HTX suffers US$30 million hack after another platform linked to entrepreneur Justin Sun was hit
-
Before CEO Altman’s firing, OpenAI researchers warned board of AI breakthrough that may threaten humanity
-
Eric Schmidt’s think tank urges moonshot chase to keep US ahead of China in race for technological supremacy
-
Peru lost more than half of its glacier surface
-
What does Sam Altman's firing — and quick reinstatement — mean for the future of AI?
-
A growing number of technologists think AI is giving Big Tech ‘inordinate’ power
-
Alibaba reassures on founder Jack Ma’s share sale plan and moves to quash lay-off rumours in internal letter
-
With X under fire, Elon Musk digs in and finds support from conservatives