Cyber-Attack Closes Hospital Emergency Rooms in Three US States – Emergency rooms in three states have been shut down by a cyber-attack, as indicated by a hospital operator on Monday. Consequently, the organization is redirecting patients to alternative facilities. Over the Thanksgiving holiday, Ardent Health, responsible for managing 30 hospitals in various US states such as New Mexico, Texas, and Oklahoma, disclosed that it fell victim to a ransomware attack.
This incident disrupted a substantial portion of its digital services, as stated in a press release. “In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online,” Ardent Health’s release said.
Hillcrest HealthCare in Oklahoma, Lovelace Health in New Mexico, and UT Health in Texas, all part of the impacted Ardent hospital chains, reported the transfer of patients from some of their emergency rooms to alternative hospitals. The hospital operator mentioned that the cyber-attack has impacted various computer programs, including those responsible for tracking patients’ healthcare records.
Ardent stated that the ransomware attack caused its network to go offline. The company reported the incident to law enforcement and enlisted the services of third-party forensic and threat intelligence advisers. “At this time, we cannot confirm the extent of any patient health or financial data that has been compromised,” Ardent said.
Ransomware attacks, causing disruptions in healthcare providers’ operations, are on the rise. According to Brett Callow, an analyst at cybersecurity company Emsisoft, there have been at least 35 such incidents in the US this year. These attacks often occur during holiday periods when hackers perceive a lower presence of security staff.
Law enforcement, including the FBI, advises victims against complying with ransom demands. “We need victims not to pay the ransom because that’s the gasoline that’s pouring on the fire,” the FBI director, Christopher Wray, said in February this year. “The more people pay, the price goes up and the more victims there are. So we have a shared common interest in not having the ransoms get paid.”
The targeting of hospitals, coupled with extortion payment demands, initiated in 2016, as reported by the cybersecurity firm Recorded Future. Ransomware analyst Allan Liska informed NBC in June that there have been a minimum of 300 documented attacks annually on healthcare facilities since 2020. In June, St. Margaret’s Health in Spring Valley, Illinois, had to shut down partially due to an attack.
Ardent is presumed to be the largest health operator affected thus far. While no cases of patient fatalities directly resulting from an attack have been reported, studies suggest a correlation between ransomware attacks on hospitals and increased mortality rates, according to NBC. Ardent, which started out running psychiatric hospitals, said that patient care continued to be delivered “safely and effectively in its hospitals, emergency rooms, and clinics”.
People Also Read: Why Employers Should Care For Employee Mental Health
But out of “an abundance of caution”, the company said, it was rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online. “Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident,” the company added.