How a hospital system recovered from a cyberattack | ViVE 2025

Nashville – Many in the public envision a hacker as someone in a hoodie working in the basement, punching a few keys and busting into a computer system.

Anika Gardenhire, chief digital and information officer of Ardent Health, talked about how her health system responded to a cyberattack during the ViVE conference in Nashville.

Anika Gardenhire, chief digital and information officer of Ardent Health, offers a different comparison.

“I tell people: Think ‘Ocean’s 11’,” she says, referencing the film about a savvy group of thieves who break into a casino. “Think being cased for several months. Think people trying to understand every single vulnerability that you have.”

Gardenhire shared that analogy in a panel discussion about technology failures and cyberattacks at the ViVE conference Monday. She talked about the cyberattack that Ardent Health suffered in November 2023. Ardent, based in Brentwood, Tennessee, a suburb of Nashville, operates 30 hospitals and more than 200 sites of care in six states.

In the attack, Ardent temporarily had to divert ambulances to other hospitals for a few days, and the system was without access to its electronic health records for days. Ardent is one of hundreds of healthcare organizations that have suffered breaches in recent years.

Even with the disruptions, Gardenhire says there were some key steps that helped aid Ardent’s recovery.

“It's the way that your teams show up, how quickly you can activate people,” she says. “It's the partnership with your executive leadership team and really understanding who can make what decisions, how you'll make decisions, creating a coordinated effort.”

In fact, Gardenhire says the teamwork and collaboration across the organization proved to be a differentiator in recovering from the attack.

“We had several partners who showed up in big ways,” she says. “For us, it was the involvement and absolute relentlessness of our teams, right, and people showing up, spending multiple nights and days working together. And from an executive leadership team perspective, it was the deep partnership with our executive leadership team and the board to really sort of give us the bandwidth and the breadth and space that we needed in order to fight the fight.”

Gardenhire says she also consulted chief information officers of other health systems during the crisis, and they offered important insights.

“Much of that advice was invaluable and helped us think of things that just quite frankly, you would never think of unless you had had the experience,” she says.

Ardent’s general counsel also made a key decision early in the crisis, telling the technology team to work on the cure for recovery, while other leaders focused on the consequences, Gardenhire says.

“It really turned out to be just brilliant,” she says. “And so it created space for the technology teams … to just run fast at the cure. We could knock anything over. We could take anything off, we could unplug anything.”

As a registered nurse, Gardenhire says she could never completely put aside the ramifications of taking systems down.

“I knew exactly what I was doing to people, and it was absolutely always in the back of my head. But the reality was, it did create space for us to run incredibly fast,” she says.

Others in the staff faced the fallout of the attack, and they dealt with devising processes for communicating with clinicians, pharmacists, and other staff, as well as concentrating on patient safety. Staff also had to face mundane but necessary tasks such as heading to office supply stores to buy more paper.

“It wasn't necessarily something that we practiced, but once we leaned into it, we were all in,” she says.

Hospitals should think about planning for cybersecurity events just like any other disaster, including the need for business continuity plans, Gardenhire suggests. She also stresses the value of planning exercises to increase preparedness.

When it comes to cyberattacks, she says, “It’s really not a matter of if. It’s just a matter of when.”

“I tell people to think about technology like a really important member of the care team,” she says. “So when we have a technology event, it's like a really, really important member of the care team didn't come to work today.”

• Read more: Cybersecurity panel: How hospitals can protect their systems, and their patients