Connect with us

Hi, what are you looking for?



Ardent Hospitals Diverting Patients Following Ransomware Attack

Ransomware attack forces Ardent hospitals to shut down systems, impacting clinical and financial operations.

Ardent Health Services on Monday announced that its clinical and financial operations have been disrupted by a ransomware attack discovered on Thanksgiving morning.

The incident, the healthcare services provider says, forced it to take systems offline and suspend user access to IT applications, including corporate servers and internet and clinical programs.

“In the interim, while this incident results in temporary disruption to certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics,” the company says in an incident notice on its website.

Following the attack, Ardent and its affiliates are rescheduling procedures considered non-emergent and are diverting patients to other hospitals.

“Ardent’s hospitals are currently operating on divert, which means hospitals are asking local ambulance services to transport patients in need of emergency care to other area hospitals. This ensures critically ill patients have immediate access to the most appropriate level of care,” the company announced.

The healthcare services provider says it is working on restoring its systems and returning applications to normal operations, but could not estimate how long that would take.

Ardent also says that each hospital will evaluate its ability to provide care to critically ill patients in its emergency room, and that more information on how long they will be on divert will be provided for each of them as the situation evolves.

The healthcare company says it is still investigating the extent of the incident and that it cannot yet confirm what patient health or financial data might have been compromised.

Advertisement. Scroll to continue reading.

SecurityWeek has not observed any ransomware group adding Ardent to their leak sites to take responsibility for the attack.

Based in Nashville, Tennessee, Ardent Health Services owns and operates hospitals in Idaho, Kansas, New Mexico, Oklahoma, and Texas.

Related: Fidelity National Financial Takes Down Systems Following Cyberattack

Related: Yamaha Motor Confirms Data Breach Following Ransomware Attack

Related: Royal Ransomware Possibly Rebranding After Targeting 350 Organizations Worldwide

Written By

Ionut Arghire is an international correspondent for SecurityWeek.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn about active threats targeting common cloud deployments and what security teams can do to mitigate them.


Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Data Breaches

Sony shares information on the impact of two recent unrelated hacker attacks carried out by known ransomware groups. 

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.