Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 31, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
We identify and assess areas of risk for our business on an ongoing basis, and we have developed, and regularly update and refine, comprehensive practices to manage and mitigate existing and potential risks to our business. As part of that process, we continually identify and assess areas of cybersecurity risk for our business using the National Institute of Technology Cybersecurity Framework 2.0 (“NIST CSF 2.0 Framework”). We have an information security risk management framework that has processes dedicated to the identification, assessment and management of material risks from cybersecurity threats. Our approach to cybersecurity risk management includes the following elements:

a team dedicated solely to cybersecurity which is managed by our Chief Information Security Officer (“CISO”), who reports directly to our Chief Digital and Transformation Officer (“CDTO”);
a third party risk management process that includes cybersecurity assessments of third party products and systems proposed to connect to our information systems environment or access or store our data; and
a cybersecurity incident response plan.

Our cybersecurity team, which includes both our employees and those of our managed services providers, is comprised of people with various functional areas of responsibility, including personnel from our information technology, operations, legal, compliance, risk management, communications, incident command center, security, human resources, finance and internal audit teams. We have contracted with a Security Operations Center service provider and a Managed Detect and Response service provider, both of which are staffed 24 hours a day to provide monitoring and active protection support for our cybersecurity risk management program. Our senior security leadership team has significant experience with data security, and members have served in various roles within our security program.

We have devised a multi-faceted approach to assess, identify, protect, detect, respond to and recover from cybersecurity threats using the NIST CSF 2.0 Framework. We have implemented numerous threat management tools and processes, and developed disaster recovery and business continuity plans that are tested and updated periodically. We strive to stay abreast of cybersecurity threats through integrated threat intelligence feeds, industry and federal threat notices, and participation in healthcare industry intelligence sharing. We also regularly conduct table-top exercises, which serve to simulate cybersecurity incidents to practice our response and identify gaps. We routinely perform security risk assessments using internal and external services, including internal and external penetration testing.

We also require all employees to complete cybersecurity awareness training annually, and we circulate cybersecurity awareness alerts, safety tips and newsletters to employees across the enterprise regularly. In addition, we routinely run phishing campaigns and perform other tests to increase awareness of cybersecurity threats.

Our business requires us to share data, and have our systems interact, with third parties, including our service providers and vendors, as well as other healthcare providers and their vendors. This interaction and sharing of data creates risks to our systems and makes us vulnerable to third party systems and practices. Incidents and cybersecurity attacks at third parties can impact our operations and our obligations to patients, payers and others. We manage this risk through an information technology review and approval process that considers the anticipated use and implementation of proposed technologies and includes cybersecurity team assessments of third party products and systems proposed to connect to our information systems or access or store our data. A subgroup of our cybersecurity team is dedicated to risk assessment analyses of vendor security practices and protections. We leverage the FAIR (Factor Analysis of Information Risk) model to help quantify the third party’s cyber risk. We endeavor to incorporate security measures into contracts with vendors.

In addition to protecting our assets and systems, our cybersecurity team is tasked with detecting and defending against cybersecurity threats to our systems and data. We maintain a response plan, updated annually, that outlines actions to be taken with respect to cyber incidents and includes procedures, notification processes, and protocols for escalation to senior management. We have a cybersecurity incident response team composed of a smaller, core group of our cybersecurity team. We also engage third parties, such as forensics consultants, external legal counsel and law enforcement, as needed and as appropriate based on the circumstances. Incidents are escalated to senior management as appropriate based on the nature of the incident.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
We identify and assess areas of risk for our business on an ongoing basis, and we have developed, and regularly update and refine, comprehensive practices to manage and mitigate existing and potential risks to our business. As part of that process, we continually identify and assess areas of cybersecurity risk for our business using the National Institute of Technology Cybersecurity Framework 2.0 (“NIST CSF 2.0 Framework”). We have an information security risk management framework that has processes dedicated to the identification, assessment and management of material risks from cybersecurity threats. Our approach to cybersecurity risk management includes the following elements:

a team dedicated solely to cybersecurity which is managed by our Chief Information Security Officer (“CISO”), who reports directly to our Chief Digital and Transformation Officer (“CDTO”);
a third party risk management process that includes cybersecurity assessments of third party products and systems proposed to connect to our information systems environment or access or store our data; and
a cybersecurity incident response plan.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Text Block] In November 2023, we experienced the Cybersecurity Incident, which temporarily disrupted our operations and involved the exfiltration of certain confidential employee and patient information. We incurred significant costs to remediate the issues, sustained lost revenues from the associated business interruption and incurred other related expenses. Following the Cybersecurity Incident, we implemented certain changes to our information systems and processes meant to provide additional protections to our environment, including, among other things, enhancing the visibility of our Security Operations Center, training practices, detection tools and capabilities; implementing new tools and processes; expanding the scope of vulnerability management; and increasing scrutiny of internet access. In addition, we adopted several technologies that incorporate artificial intelligence capabilities to enhance our protection capabilities. However, we continue to face a heightened risk of cybersecurity threats targeting healthcare providers, including ransomware attacks, which may materially impact our operations. Threat actors continue to proliferate, adapt and devote significant effort to attacking the information systems and electronically transmitted and stored data of healthcare providers and related entities.
Cybersecurity Risk Board of Directors Oversight [Text Block]
Board Oversight—Our Board of Directors (the "Board"), as a whole and through its committees, oversees risk management, including cybersecurity risks. The Board has delegated certain risk management responsibilities with respect to cybersecurity to our Audit and Compliance Committee. Our Board has identified the oversight of cybersecurity risks to be one of its priorities, and it receives regular reports from management, including the CDTO and the CISO, on various cybersecurity matters, including the security of our information systems, anticipated sources of future material cyber risks and how management is addressing any significant potential vulnerability. The Board’s Audit and Compliance Committee receives regular updates on cybersecurity threats and other matters.
In addition to regular updates to the Audit and Compliance Committee, we have protocols by which certain cybersecurity incidents are escalated within the Company and, where appropriate, reported in a timely manner to the Board and Audit and Compliance Committee.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block] Management is responsible for the day-to-day handling of risks facing our Company, including cybersecurity risks. Our CISO, who reports directly to our CDTO, oversees and manages our cybersecurity strategy and related programs.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block] Our Board has identified the oversight of cybersecurity risks to be one of its priorities, and it receives regular reports from management, including the CDTO and the CISO, on various cybersecurity matters, including the security of our information systems, anticipated sources of future material cyber risks and how management is addressing any significant potential vulnerability. The Board’s Audit and Compliance Committee receives regular updates on cybersecurity threats and other matters. In addition to regular updates to the Audit and Compliance Committee, we have protocols by which certain cybersecurity incidents are escalated within the Company and, where appropriate, reported in a timely manner to the Board and Audit and Compliance Committee.
Cybersecurity Risk Role of Management [Text Block]
Management Oversight—Management is responsible for the day-to-day handling of risks facing our Company, including cybersecurity risks. Our CISO, who reports directly to our CDTO, oversees and manages our cybersecurity strategy and related programs. As the head of our cybersecurity team, both internal and outsourced, our CISO is primarily responsible for assessing and managing risks from cybersecurity threats. The processes by which he is informed about and monitors the prevention, detection, mitigation and remediation of cybersecurity incidents are described above. He reports information about such risks to the CDTO and other members of senior management, who, in turn, report them to our Board and Audit and Compliance Committee, as appropriate. Our CISO joined us in January 1998 with 13 years of experience in various technology and information security roles within Ardent.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block] Management is responsible for the day-to-day handling of risks facing our Company, including cybersecurity risks. Our CISO, who reports directly to our CDTO, oversees and manages our cybersecurity strategy and related programs.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block] Our CISO joined us in January 1998 with 13 years of experience in various technology and information security roles within Ardent.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block] Our Board has identified the oversight of cybersecurity risks to be one of its priorities, and it receives regular reports from management, including the CDTO and the CISO, on various cybersecurity matters, including the security of our information systems, anticipated sources of future material cyber risks and how management is addressing any significant potential vulnerability. The Board’s Audit and Compliance Committee receives regular updates on cybersecurity threats and other matters. In addition to regular updates to the Audit and Compliance Committee, we have protocols by which certain cybersecurity incidents are escalated within the Company and, where appropriate, reported in a timely manner to the Board and Audit and Compliance Committee.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true