AHS Management Company, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

AHS Management Company, Inc., also known as Ardent Health Services, experienced a significant data breach due to a ransomware attack discovered on November 23, 2023. The breach led to unauthorized access to a wide range of sensitive consumer information, including names, addresses, phone numbers, email addresses, Social Security numbers, medical treatment information, health insurance and claims information, and Medicaid or Medicare numbers. This incident affected an estimated 17,500 people in Texas alone, highlighting the extensive nature of the breach[1].

Ardent Health Services, based in Nashville, Tennessee, is a substantial healthcare system that owns and operates 30 hospitals and over 200 healthcare facilities across six states, employing more than 1,400 providers and 23,000 people, with an annual revenue of approximately $2.3 billion[1].

Upon discovering the ransomware attack, Ardent Health Services took immediate action by notifying law enforcement, securing its network, and initiating an investigation with the assistance of third-party cybersecurity specialists. The company was able to terminate all unauthorized access shortly after detecting the attack. As part of their response, Ardent Health Services began sending out data breach notification letters to all individuals whose information was compromised by the incident[1][3].

The breach notification letters aimed to inform affected individuals about the specifics of the compromised information and to advise them on steps to protect themselves from potential fraud or identity theft. Ardent Health Services has also posted a notice of the incident on its website and is working with legal and cybersecurity experts to address the breach’s consequences and to enhance its security measures to prevent future incidents[1][3].

This data breach underscores the growing threat of ransomware attacks on healthcare providers and the critical importance of robust cybersecurity measures to protect sensitive patient information.

Citations:

  1. https://www.jdsupra.com/legalnews/ardent-health-services-files-notice-of-6194455/
  2. https://www.heart.org
  3. https://ardenthealth.com/cybersecurityincident
  4. https://www.ahs.com
  5. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf?ref=blog.gitguardian.com
  6. https://www.alamedahealthsystem.org
  7. https://www.myinjuryattorney.com/ardent-health-services-data-breach-investigation-and-lawsuit-assistance/
  8. https://www.aetna.com
  9. https://ardenthealth.com/news/ardent-health-services-reports-information-technology-security-incident
  10. https://www.labcorp.com
  11. https://dockets.justia.com/docket/tennessee/tnmdce/3:2023cv01308/97432
  12. https://www.cardinalhealth.com/en.html
  13. https://casetext.com/case/mccool-v-ahs-mgmt-co-1
  14. https://www.arlington.k12.ma.us
  15. https://newstral.com/en/article/en/1248832252/ardent-health-services-files-notice-of-data-breach-in-the-wake-of-ransomware-attack
  16. https://www.hhs.gov
Breach Submission Date Jan 22, 2024
Converted Entity Name AHS Management Company, Inc.
Converted Entity Type Business Associate
State TN
Individuals Affected 23,686
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes