Ardent Health Services announced Monday that, following the discovery of a cyberattack, it has taken its network offline. The health service provider is the administrator of over 30 hospitals in the United States, with the attack affecting Oklahoma, New Mexico, and Texas. Some non-emergency procedures are being rescheduled and Ardent hospitals are asking ambulances to transport patients in need of emergency care to other area hospitals. Ardent can’t currently confirm the extent of patient health or financial data that has been breached.
The following experts from Exabeam and HackerOne discussed the attack:
Steve Moore, Vice President & Chief Security Strategist, Exabeam
“This is a worst-case scenario; a security incident interferes with quality of care/quality of life. My sympathies go out to those who needed care and found it delayed. These well-funded criminal adversaries require ongoing offensive pressure to counteract their growing momentum. Godspeed to those in the offensive space who work daily on criminal group takedowns, protectors with offensive talents ranging from cybersecurity intelligence to traditional police work, specifically, those with arrest powers. From my days in breach response, I know the pain and the rush of what is happening. My heart is with the responders, and I hope for rapid response and recovery.”
Kayla Underkoffler, Lead Security Technologist at HackerOne
“Ardent Health Services is a reminder of the heightened cybersecurity risk healthcare organizations face, especially during the holiday season. Hospitals often see reduced staff around this time, which can inadvertently open doors for cybercriminals; threat actors seek to be online when they know defenders are not. Healthcare systems are also particularly enticing targets for ransomware gangs year round. These organizations are not always the most security mature and sit on a mountain of valuable confidential data — they’re low-hanging fruit and a gold mine for exploitation.
“To be fair, healthcare data is highly regulated and confidential making adopting seemingly cutting edge cybersecurity best practices intimidating. However, I’d encourage healthcare organizations to consider the downside they’re already facing as the frequency of breaches continues to mount in this industry. Healthcare organizations must find a way to develop more proactivity in their cybersecurity approach and can look to other industries that face similar obstacles in regulation, data sensitivity, and digital infrastructure complexity for inspiration.
“For example, government and financial services are two sectors that have found great success in implementing Vulnerability Disclosure Programs (VDPs). These “see something say something” programs facilitate how organizations can empower security researchers to continuously identify and report vulnerabilities before cybercriminals can, and they have become a gold standard for every organization and security program, no matter the vertical. Healthcare organizations that do the work to take the lead now in embracing best practices are likely to see outsized benefits in reducing their own cybersecurity risk and driving the industry toward security maturity.”