Cyber attack impacts Tulsa area Hillcrest hospitals, Utica Park Clinics, and other facilities

TULSA — Ardent Health Services admitted Monday it suffered a major cyber attack on Thanksgiving Day, crippling its capacity to function and leaving patients and staff in as many as 30 hospitals in six states without a clear idea of when normal operations will resume.

Ardent spokesman Will Roberts told our reporter the company would not be discussing the situation, nor offering any information outside of what it had made publicly available on a web page, which he said will be updated as new information becomes available.

In a press release, Ardent said that the incident was a ransomware attack, and that it is unclear how much, if any, personal or financial information belonging to patients may have been exposed.

The company also said it didn’t know how long it would take to restore its systems.

A number of facilities around Oklahoma are impacted, including all Hillcrest hospitals in Tulsa, Claremore, Pryor, Cushing, and Henryetta.

Bailey Medical Center in Owasso, Tulsa Spine and Specialty Hospital, Oklahoma Heart Institute, and all Utica Park Clinics have also suffered system failures due to the cyber attack.

The hospitals continue to treat patients, but KRMG has confirmed that ambulances are being diverted to other hospitals with any emergency cases.

Non-emergent procedures are being postponed until further notice.

Patients who need prescription refills will need to contact their primary physicians or specialists directly, and may be directed to come in and pick up a handwritten prescription.

All online scheduling and MyChart systems are also down until further notice.

Ardent’s statement regarding the incident:

Ardent Health Services and its affiliated entities (“Ardent”) became aware of an information technology cybersecurity incident on the morning of November 23, 2023, which has since been determined to be a ransomware attack. The Ardent technology team immediately began working to understand the event, safeguard data, and regain functionality. As a result, Ardent proactively took its network offline, suspending all user access to its information technology applications, including corporate servers, Epic software, internet and clinical programs.

Ardent has reported this event to law enforcement and retained third-party forensic and threat intelligence advisors. In addition to electronic protection procedures already in place, Ardent has also implemented additional information technology security protocols and is working with specialist cybersecurity partners to restore its information technology operations and capabilities as quickly as possible. At this time, we cannot confirm the extent of any patient health or financial data that has been compromised.

In the interim, while this incident results in temporary disruption to certain aspects of Ardent’s clinical and financial operations, patient care continues to be delivered safely and effectively in its hospitals, emergency rooms, and clinics. In an abundance of caution, our facilities are rescheduling some non-emergent, elective procedures and diverting some emergency room patients to other area hospitals until systems are back online.

The investigation and restoration of access to electronic medical records and other clinical systems is ongoing. Ardent is still determining the full impact of this event and it is too soon to know how long this will take or what data may be involved in this incident.