A recent cyberattack on Ardent Health Services, initially affecting hospitals in East Texas on Thanksgiving Day, has spread to facilities in New Jersey, New Mexico, and Oklahoma. Ardent Health, a Tennessee-based company with over two dozen hospitals across five states, acknowledged the ransomware attack on November 23rd. The affected hospitals, including a 263-bed facility in Albuquerque, New Mexico, a 365-bed hospital in Montclair, New Jersey, and several in East Texas, are closing emergency rooms, diverting ambulances, and rescheduling non-emergency surgeries.
In response to the attack, Ardent released a statement:
Ardent Health Services became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack. The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality. As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs.
Why cybercriminals love attacking healthcare
This incident underscores the pervasive threat of ransomware to healthcare services. Ardent, which operates 30 hospitals across 3 states, had to take its network offline, cutting its workers off from the tools they need to support their patients. Cybercriminals target healthcare organizations because the critical nature of healthcare services makes these organizations more likely to pay ransoms, while complex networks provide opportunities for unauthorized access and malicious activities. We see attacks on healthcare all the time; if it isn’t a ransomware attack, it’s spear phishing.
Ardent’s press release went on to say: “The investigation and restoration of access to electronic medical records and other clinical systems is ongoing. Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.” The immediate damage and disruption to Ardent’s business is clear, but that is only part of the story. The real expense will come from the investigation process and the resulting fines and legal ramifications of exposing protected health information (if any patient records were exposed).
What can you learn from this attack?
Prepare ahead of time
You need a real, published security incident response plan. It needs to provide clear steps all the way from a security indicator to a complete recovery. Your response plan must designate people within your organization to own the response and give them the mandate from leadership to execute it. Getting breached without a real incident response plan will make the entire experience far more painful and damaging to your business.
The attack investigation itself *can* be the worst part
If you do not have a Security Information & Event Management (SIEM) tool that is monitored by a true security team, your attack recovery will be painful. A SIEM places sensors across your IT environment that create logs and compile them into a single place, which makes it possible to efficiently investigate a cyberattack. Without a SIEM, you likely have zero data on most of your IT systems. If a breach occurs, your security team will not be able to determine when the attack happened, which systems were affected, or the full extent of the breach. In cases like that, you have to treat everything as if it has been compromised because you can’t say for sure that it hasn’t. A recent cyberattack on a law firm that did not have a SIEM tool resulted in a costly recovery process.
Need Security Help?
Cyberattacks should not scare you. If you have thought through your risks, protected your critical systems and data, and have an incident response plan, you have nothing to fear. If you haven’t done any of those things, then you need to start yesterday. We help businesses build a security program that makes sense for their risk and budget. If you need help with your security, reach out to Aldridge today!