Emergency rooms in at least 3 states diverting patients after ransomware attack

Hospitals in at least three states are diverting patients from their emergency rooms after a major cyberattack hit their parent company last week.

Ardent Health Services, which oversees 30 hospitals across the U.S., said Monday that it had been the victim of a severe ransomware attack in Oklahoma, News Mexico and Texas, forcing it to take action.

“In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online,” the company said in a news release.

Spokespeople at three Ardent-owned hospital chains across the U.S. — Hillcrest HealthCare System in Oklahoma, Lovelace Health System in New Mexico, and UT Health in Texas — each told NBC News Monday that at least some of their emergency rooms were diverting patients to other hospitals while the company tries to fix the damage from the attack.

Ardent said it had shut down a significant number of its computerized services, including clinical programs and its use of Epic Systems, a program that tracks patients’ health care records.

Ransomware is a type of criminal cyberattack where hackers gain access to a company’s computer networks, install malicious software that encrypts as many systems as possible, and demand an often hefty ransom payment for a promise to fix the damage. The FBI has repeatedly asked ransomware victims to not pay their attackers, both because there’s no guarantee they will provide a viable fix and because it fuels more attacks.

The hospitals’ problems have been ongoing since Thanksgiving Day, when the ransomware attack began, Ardent said. It’s common for ransomware hackers to wait until a major holiday or long weekend before attacking, in hopes that there will be fewer security employees working.

Hackers have consistently targeted hospital chains ever since ransomware became a major cybercrime trend in 2019. In at least one instance, a crippling ransomware attack was a major factor in a struggling rural U.S. hospital’s decision to close down.

Brett Callow, an analyst at the cybersecurity company Emsisoft, said there have been at least 35 ransomware attacks on U.S. health care providers this year — with Ardent being the largest victim.

To date, there are no known cases in which a ransomware attack on a health care facility has been proven to lead to a patient’s death. Several studies have shown, however, that there is a strong correlation between ransomware attacks on hospitals and increased mortality rates.

Kevin Collier

Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News.