CommonSpirit Health ransomware attack

CommonSpirit Health ransomware attack exposed personal data of 623K patients

The ransomware attack on CommonSpirit Health, the second-largest nonprofit health system in the country, was initially reported back in October. After looking into the matter, the healthcare provider said it discovered that between September 16 and October 3 an outsider accessed some areas of CommonSpirit’s network without authorization.

On December 1st, the health system informed the Office for Civil Rights of the United States Department of Health and Human Services about the breach. A total of 623,700 persons may have had their sensitive medical data stolen, as reported by the Office for Civil Rights’ internet breach portal.

The Catholic health organization said it was still reviewing the files, but it could confirm that some personal information of people who may have gotten services at Franciscan Medical Group or Franciscan Health in Washington state had been exposed. St. Michael Medical Center, St. Francis Hospital, St. Joseph Hospital, St. Francis Health, St. Clare Health, St. Francis Hospital, St. Anthony Health, St. Anne Health, and St. Elizabeth Health are all affiliated with Franciscan Health.

Several of CommonSpirit Health’s hospitals experienced a disruption in their IT services, which the company is now attributing to a ransomware attack. The Catholic health company said that it has alerted law enforcement and recruited “renowned cybersecurity specialists” to assist with its forensics investigation, one week after it announced an “IT security incident” that triggered EHR shutdowns and appointment cancellations.

As soon as CommonSpirit learned of the ransomware attack, it “took urgent actions to protect our systems, control the event, launch an investigation, and assure continuity of care,” according to a statement sent out via email. Furthermore, it said, “The greatest standard of care is still being provided to patients, and we are keeping everyone informed as we learn new information. Our top concern will always be the care of our patients, and we are sorry for any trouble this may have caused.”

According to CommonSpirit, its facilities are following recognized system outage policies, which involve putting some systems, like its EHRs, offline. The Chicago-based network serves approximately 2,200 locations in 21 states through its 142 hospitals. The attack has disrupted systems in multiple states, including Nebraska, Tennessee, Texas, Washington, and Iowa.

Source: fiercehealthcare