NATIONAL NEWS

Ransomware attack prompts multistate hospital chain to divert some emergency room patients elsewhere

Nov 28, 2023, 8:21 AM | Updated: 2:12 pm

NASHVILLE, Tenn. (AP) — A ransomware attack has prompted a health care chain that operates 30 hospitals in six states to divert patients from some of its emergency rooms to other hospitals while putting certain elective procedures on pause.

Ardent Health Services said it took its network offline after the Nov. 23 cyberattack, adding in a statement that it suspended user access to its information technology applications such as software used to document patient care.

By Tuesday afternoon, more than half of Ardent’s 25 emergency rooms had resumed accepting some patients by ambulance or by fully lifting their “divert” status, Ardent spokesperson Will Roberts said. Divert status means hospitals have asked ambulances to take those needing emergency care to other facilities nearby. Roberts said hospitals nationwide have at times used divert status during flu season, COVID-19 surges, natural disasters or large trauma events.

The company said it could not yet confirm the extent of any compromised patient health or financial information. It reported the issue to law enforcement and retained third-party forensic and threat intelligence advisers, while working with cybersecurity specialists to restore IT functions as quickly as possible. There was no timeline yet to resolve the problems.

Based in the Nashville, Tennessee, suburb of Brentwood, Ardent owns and operates 30 hospitals and more than 200 care sites with upwards of 1,400 aligned providers in Oklahoma, Texas, New Jersey, New Mexico, Idaho and Kansas.

Each hospital is still providing medical screenings and stabilizing care to patients arriving at emergency rooms, Ardent said.

In Amarillo, Texas, William Spell said he and his mother have had flu-like symptoms for days but were unable to make a doctor’s appointment through an online patient portal due to the cyberattack.

“We are trying to figure out other options as to what to do next,” said Spell, 34.

BSA Health System – the Ardent umbrella provider for Spell’s clinic and other facilities in the city – said in a Facebook post that it was working to restore its patient portal and system for video doctors’ visits. Spell said his doctor’s office could not tell him how long the outage might last and recommended they try an urgent care clinic.

“That’s just something we cannot do because urgent cares charge a lot of money just to walk through the door and be seen by a doctor,” Spell said. “There’s no way we can afford that.”

Several hospitals in Albuquerque, New Mexico, within Ardent’s Lovelace Health System have continued to divert some patients needing emergency care to other city hospitals, Lovelace spokesperson Whitney Marquez said. They also rescheduled elective and other non-urgent surgeries.

In Topeka, Kansas, a hospital spokesperson confirmed the attack put the University of Kansas Health System-St. Francis on divert status. Meanwhile, the city’s other hospital, Stormont Vail, increased weekend staffing after patient volume began growing Friday, said Stormont Vail Health spokesperson MollyPatt Eyestone.

There was no immediate claim of responsibility for the attack. Ransomware criminals do not usually admit to an attack unless the victim refuses to pay.

“The attack against Ardent Health is both egregious and quickly becoming the norm,” said analyst Allan Liska at the cybersecurity firm Recorded Future. “Stories like patients being turned away from emergency rooms, hospitals being forced to resort to pen and paper for patient care, or hospital personnel unable to access medical records are increasingly common.”

While some groups won’t attack hospitals, “they are greatly outnumbered by those who will and with the number of ransomware groups growing every day, the percentage who won’t attack hospitals is constantly decreasing,” Liska said. “Health care, in general, is an attractive target for these groups because there is a perception that they are more likely to pay, even though the evidence suggests otherwise.”

Even when health care providers don’t pay, ransomware groups can sell patient data, Liska added.

A recent global study by the cybersecurity firm Sophos found nearly two-thirds of health care organizations were hit by ransomware attacks in the year ending in March, double the rate from two years earlier but dipping slightly from 2022. Education was the sector most likely to be targeted, with attack saturation at 80%.

Increasingly, ransomware gangs steal data before activating data-scrambling malware that paralyzes networks. The threat of making stolen data public is used to extort payments. That data can also be sold online. Sophos found data theft occurred in one in three ransomware attacks on health care organizations.

Analyst Brett Callow at the cybersecurity firm Emsisoft said 25 U.S. health care systems with 290 hospitals were hit last year while this year the number is 36 with 128 hospitals. Not all hospitals within the systems may have been impacted, and not all may have been impacted equally, he said.

“We desperately need to find ways to better protect our hospitals. These incidents put patients lives at risk — especially when ambulances need to be diverted — and the fact that nobody appears to have yet died is partly due to luck,” Callow added.

Most ransomware syndicates are run by Russian speakers based in former Soviet states, beyond the reach of U.S. law enforcement, though some “affiliates” who do the grunt work of infecting targets and negotiating ransoms live in the West, using the syndicates’ software infrastructure and tools.

___

Bleiberg reported from Dallas. Associated Press technology reporter Frank Bajak and writers Heather Hollingsworth in Mission, Kansas, and Susan Montoya Bryan in Albuquerque, New Mexico contributed to this report.

National News

FILE - President Donald Trump, center, sits with retired Army Lt. Gen. Keith Kellogg, right, at Tru...

Associated Press

Trump is likely to name a loyalist as Pentagon chief after first-term tumult

WASHINGTON (AP) — President-elect Donald Trump’s choice for defense secretary is still up in the air, but it is a sure bet he will look to reshape the Pentagon and pick a loyalist following his tumultuous first term. Five men held the job as Pentagon chief only to resign, be fired or serve briefly as […]

17 minutes ago

mattel wicked...

Associated Press

Mattel says it ‘deeply’ regrets misprint on ‘Wicked’ dolls packaging that links to porn site

A packaging error on Mattel's “Wicked” movie-themed dolls mistakenly links toy buyers to a pornographic website.

31 minutes ago

Stephen Miller speaks before Republican presidential nominee former President Donald Trump at a cam...

Associated Press

Trump names Stephen Miller to be deputy chief of policy in new administration

NEW YORK (AP) — Donald Trump is naming longtime adviser Stephen Miller, an immigration hard-liner, to be the deputy chief of policy in his new administration. Vice President-elect JD Vance posted a message of congratulations on Monday to Miller on X and said, “This is another fantastic pick by the president.” The announcement was first […]

36 minutes ago

FILE - Cynthia Erivo, left, and Ariana Grande arrive at the premiere of "Wicked" on Nov. 9, 2024, a...

Associated Press

Mattel says it ‘deeply’ regrets misprint on ‘Wicked’ dolls packaging that links to porn site

NEW YORK (AP) — Toy giant Mattel says it “deeply” regrets an error on the packaging of its “Wicked” movie-themed dolls, which mistakenly links toy buyers to a pornographic website. The error gained attention on social media over the weekend, where numerous users shared photos of the URL printed on the back of the boxes […]

53 minutes ago

Associated Press

Suspected shooter and four others are found dead in three Kansas homes, police say

WICHITA, Kan. (AP) — Five people were found shot to death inside three homes in the same area of Wichita, Kansas, and police believe the shootings are connected. Police Chief Joe Sullivan said one of the people found dead Sunday was the suspected shooter, but he declined to elaborate. Police believe all five knew each […]

1 hour ago

This image taken from video provided by WSFA shows people standing near the scene of an earlier sho...

Associated Press

Man killed in Tuskegee University shooting in Alabama is identified. 16 others were hurt

The man killed in a homecoming weekend shooting at Tuskegee University has been identified as 18-year-old La’Tavion Johnson, of Troy, Alabama, the local coroner said Monday. The shooting injured 16 other people, a dozen of them by gunfire, authorities said. One arrest was announced hours later. Many of the injured were students, but Johnson was […]

2 hours ago

Ransomware attack prompts multistate hospital chain to divert some emergency room patients elsewhere