In the throes of an ever-intensifying cybersecurity crisis, the healthcare sector is under siege, grappling with the fallout from a wave of ransomware attacks. Among the prominent victims are Ardent Health Services and Norton Healthcare, two pillars of the industry facing sophisticated cyber threats. These incidents, and many others, coupled with a new study led by MIT professor Stuart Madnick, paint a bleak picture of the industry’s vulnerability to cyber adversaries.
Ardent Health Services, a health system overseeing 30 hospitals and more than 200 care sites across six states, was the victim of a significant ransomware attack in late November, necessitating the diversion of emergency room patients and rescheduling non-urgent procedures. The fallout has prompted Ardent to take its network offline, suspend user access to critical IT applications, and launch an effort with cybersecurity partners to restore normal operations rapidly.
Usman Choudhary, chief product and technology officer at VIPRE Security Group, said the pervasive greed among ransomware groups and calls for unity within the security community underscores the critical need for accessible and affordable cybersecurity solutions. Even advanced technical protections are futile if hindered by prohibitive costs or complexity, Choudhary said.
Norton Healthcare, another healthcare provider managing eight hospitals across Kentucky and Indiana, suffered a significant data breach impacting up to 2.5 million individuals throughout 2023. The breach took place between May 7 and 9, 2023, exposing personal and protected health information of patients and employees.
This incident at Norton Healthcare amplifies the broader concerns outlined in Stuart Madnick’s report, funded by Apple, showing that ransomware attacks during the first nine months of 2023 surpassed the total from all of 2022. Ransomware attacks impacted more than 360 million people through August of this year.