On November 23, 2023, Ardent Health Services and its affiliated entities (Ardent) discovered a ransomware incident impacting its network. Upon learning of the incident, Ardent immediately notified law enforcement, initiated its incident response plan, launched an investigation into the incident with the assistance of an outside cybersecurity firm, and began employing containment measures. Shortly thereafter, Ardent successfully terminated the unauthorized access. Our investigation has revealed that an unauthorized actor extracted copies of documents that include certain personal information. At this time, we have no indication that this information has been misused.
The unauthorized actor may have accessed, viewed or removed documents with the following types of information: patient contact information (e.g., address, phone number, email address), Social Security numbers, medical treatment information (e.g., providers, dates of service, diagnoses, prescriptions), health insurance and claims information, and Medicaid / Medicare numbers.
On January 22, 2024, we began mailing letters to individuals whose information may have been involved. Our data review process is ongoing and will take time to complete. As we identify additional impacted individuals, we will mail letters to them in accordance with all applicable laws. All individuals whose personal information was impacted are eligible to enroll in credit monitoring and fraud-protection services through TransUnion for one year at no cost. Ardent has set up a dedicated, toll-free call center to support individuals with questions about the incident. Beginning on Tuesday, January 23, the call center can be reached at 1-833-961-7634, Monday through Friday, between 7 a.m. and 7 p.m. Central Time, excluding U.S. holidays.
In addition to the investigation into this incident, we are taking additional steps to improve our cybersecurity protections and enhance employee training. We value the trust patients and team members place in us to protect the privacy and security of their information, and we sincerely regret any inconvenience or concern this incident may have caused.