A ransomware attack detected on Thanksgiving is forcing Lovelace Health System to reroute emergency room patients and reschedule specific surgeries.

Tennessee-based Ardent Health Services, Lovelace’s parent company, said it shut down its network after it became aware last Thursday of the digital attack . The company said an investigation is ongoing, and that it reported the incident to law enforcement.

Lovelace’s hospitals in New Mexico are affected by the ransomware attack, spokeswoman Whitney Marquez said. Other states with Ardent-owned hospitals also have been impacted.

Marquez said patients who need emergency care are being diverted to nearby hospitals. She also said some elective, non-emergent procedures are being rescheduled “out of an abundance of caution.”

She said there’s no way to gauge how many patients have been diverted, and it’s unclear how many surgeries Lovelace has rescheduled.

“We are working quickly to restore access and establish a timeline for returning to normal operations,” she said. “We are monitoring the situation closely and will adjust our status as we are able.”

Marquez said the system is continuing to treat patients in its hospitals, emergency rooms and clinics “with no adverse impacts.” The Lovelace Medical Group clinics were closed on Monday because of the cybersecurity incident.

“Safely caring for patients remains our highest priority,” she said.

It was unclear if any patient health or financial information had been leaked as of Monday afternoon.

Patients with appointments that need to be rescheduled will be contacted directly by the Lovelace team, Marquez said. She said patients with questions can contact their provider’s office.

The cyberattack comes shortly before a major leadership transition at the health system. In about two weeks, Troy Greer will step in as CEO and president, overseeing Lovelace’s six hospitals, 33 health clinics and seven outpatient therapy clinics in the state.

Ardent also has facilities in Texas, Oklahoma, New Jersey, Idaho and Kansas.