Skip to main content

Ardent Health Services Data Breach Investigation

Written by Joseph Lyon on . Posted in Data Breach.

The Lyon Firm is currently investigating reports of a cyberattack impacting hospitals operated by Ardent Health, a Brentwood, Tennessee-based healthcare organization. The investigation is ongoing and more information should come to light in the next few weeks. Contact our legal team if Ardent contacts you regarding any reported data breach.

According to a timeline posted on their website, Ardent Health Services and its affiliated entities began mailing notification letters to individuals whose personal information may have been involved in the data security incident.

Ardent, which operates 30 hospitals and has more than 200 sites of care across the country, allegedly suffered a ransomware attack that hit hospitals in at least six states – Texas, Idaho, Kansas, New Jersey, New Mexico, and Oklahoma. The cyberattack has resulted in emergency rooms being placed on divert, with new patients redirected to alternate facilities.

Several Ardent Health Services locations announced over the Thanksgiving weekend that they were investigating network outages. Patient information was being recorded using pen and paper due to the lack of access to IT systems and patient data. Ardent Health Services issued a statement confirming that the disruption was indeed caused by a ransomware attack.

Unauthorized activity on the hospital networks was first detected on the morning of November 23, 2023, and it was later determined to have been caused by a ransomware attack. No ransomware group has yet claimed responsibility. The Ardent Health system is working to restore access to critical IT systems and third-party cybersecurity experts have been engaged to assist with the investigation.

If Ardent Health Services concludes that patient information was compromised, it will eventually send out data breach notification letters to anyone who was affected. If you receive a letter from Ardent, a lot may be at risk and you should begin to take action to minimize the threat of fraud and identity theft.

According to notices, the following facilities appear to be among those that were affected by the ransomware attack:

  • Pascack Valley Medical Center
  • Mountainside Medical Center
  • Lovelace Health System
  • Hillcrest HealthCare System
  • U of Kansas Health System — St. Francis campus
  • Portneuf Medical Center
  • BSA Health System

The Lyon Firm represents plaintiffs nationwide in a wide variety of class action data privacy lawsuits. We are currently involved in numerous healthcare-related data breach cases, and have recently settled similar litigation. Call for a free consultation and to learn more about how to protect yourself after a cyberattack impacts your personal data.