Date: 2023-12-05

Ransomware attacks continued to ravage the private sector last month, causing significant disruptions to healthcare organizations as one victim suffered its second attack in one month and another was forced to divert emergency care.

TechTarget Editorial tracks publicly disclosed and reported ransomware attacks against U.S.-based organizations and found 38 disclosures for November, with a majority affecting the private sector. In past months, attacks largely targeted the public sector or saw a more even distribution. The increase in private sector ransomware victims comes after the U.S. Securities and Exchange Commission imposed a four-day reporting deadline for public companies and charged SolarWinds with misleading investors.

Many attacks last month caused severe disruptions and damage. One of the biggest ransomware attacks occurred against Tennessee-based Ardent Health Services on Thanksgiving Day.

In a statement on Nov. 27, Ardent confirmed it was hit by ransomware on Nov. 23 and subsequently notified law enforcement and hired third-party incident responders. After detecting the attack, Ardent forced systems offline, which made several services inaccessible, including its corporate servers as well as clinical and financial operations.

However, that wasn't the worst of it. Disruptions became so severe that multiple Ardent-owned hospitals were forced to divert emergency care.

"Some non-emergency procedures are being rescheduled. Additionally, some of Ardent's hospitals are currently operating on divert, which means hospitals are asking local ambulance services to transport patients in need of emergency care to other hospitals," Ardent wrote in the statement. "This ensures critically ill patients have immediate access to the most appropriate level of care."

Ardent includes 30 hospitals, more than 200 healthcare sites and more than 20,000 employees across six states. Hospitals in multiple states were forced to divert ambulances because of the ransomware attack, according to media reports. That included the hospital network known as UT Health East Texas; Lovelace Health System in Albuquerque; and two New Jersey-based hospitals, Hackensack Meridian Pascack and Valley Medical Center.

CNN reported the attack also forced Ardent employees to revert to pen and paper. Additionally, the CNN story said CISA warned Ardent of "malicious cyber activity affecting its computer systems" on Nov. 22 as part of a ransomware outreach program to help critical infrastructure organizations.

In an update on Nov. 30, Ardent said a "vast majority" of its clinics resumed operations and that all 25 emergency rooms were accepting patients by ambulance. However, the hospital and its subsidiaries are not in the clear yet. Some non-emergency procedures remained "temporarily paused" as Ardent worked to bring systems back online.

"In some cases, we continue to ask local EMS services to transport patients in need of certain emergency care, such as stroke or trauma care, to other area ERs," the statement said.

In response to the ransomware attack, Ardent said it implemented additional technology security protocols and is investigating the extent of affected data.