In the United States, a major healthcare service provider, Ardent Health Services, got its hospital management software breached by a cyberattack. This cyberattack happened on November 28th, and the company temporarily suspended all information technology applications and clinical programs.
This security breach happened on Thanksgiving weekend. 30 hospitals and more than 200 healthcare sites in six states belonging to Ardent Health Services were greatly affected by this cyberattack.
Annie Wolf, one of the patients at Hillcrest Medical Center in Oklahoma, had two days left for her open-heart surgery for a hole in the mitral valve of her heart, but due to a security breach, her appointment has been rescheduled.
J.D. Bloomer, a patient at the University of Kansas Healthcare System St. Francis campus, had a history of cancer, which was diagnosed in 2008. J.D. Bloomer visited the hospital for a headache instead of his regular cancer checkup due to this incident.
The Ardent Health Services company shuts down all their networks, which include the internet, application software, clinical programs, and all information technology applications. They rescheduled their clinical procedures, and the appointments given to the patients in their hospitals and emergency room patients were sent to other hospitals.
This security breach incident was reported to US law enforcement by the company, and steps were taken to restore electronic health records and other clinical data. One of the emergency care physicians in the hospital, who was also a hacker before, worked with a cybersecurity specialist to solve the issue as early as possible.
A Reddit user claimed to be an Ardent Health Services employee and said that this cyberattack was done by Black Suit ransomware. The US security officials suspect it to be done by Royal Ransomware.
The Chief Information Security Officer, Jess Parnell, stated that cybercriminals are continuously probing the network and are quickly changing their tactics to increase their success rates in breaching networks. He also said that even though health organizations spend on cybersecurity, cyber risks are increasing continuously, so he advises health companies to implement proactive cybersecurity measures to protect their assets.
Similar security breach incidents happened in various healthcare organizations earlier this year in the US, such as Florida Healthcare Organizations and Prospect Medical Holdings.
(Input from various media sources)