Security News CommonSpirit US nonprofit health system discloses security incident

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,595
CommonSpirit Health, one of the largest nonprofit health systems in the United States, says it took down some of its IT systems because of a security incident that has impacted multiple facilities.

The US health system operates 140 hospitals and more than 1,000 care sites in 21 states, and its team of roughly 150,000 employees and 20,000 physicians provides health services to more than 21 million patients.

CommonSpirit said in a statement published Tuesday that it's "managing an IT security issue that is impacting some of our facilities."

"As a precautionary step, we have taken certain IT systems offline, which may include electronic health record (EHR) and other systems," it added.

CommonSpirit also revealed that the incident forced its IT team to follow outage procedures and minimize disruption.

"Our facilities are following existing protocols for system outages and taking steps to minimize the disruption," it said, confirming ongoing system outages.

"We take our responsibility to ensure the security of our IT systems very seriously."

While the nature of the incident is yet to be disclosed, there are hints that link it to a possible ransomware attack that would explain its broad impact.

Due to this "IT security issue," CommonSpirit also had to reschedule some patient appointments and said affected patients would be notified by the care facility or their provider.

Health facilities and hospitals impacted by this security incident, including Bergan Mercy Hospital, MercyOne Des Moines Medical Center, and multiple Virginia Mason Franciscan Health providers, have reported not being able to access CommonSpirit Health's electronic health records systems.

Doctors told patients who called in to make appointments at CommonSpirit locations that they couldn't schedule any new ones because their computers were down.
 

Gandalf_The_Grey

Level 66
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
5,595
CommonSpirit Health ransomware attack exposed data of 623,000 patients
CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack.

This figure was published today on the U.S. Department of Health breach portal, where healthcare organizations are legally obligated to report data breaches impacting over 500 individuals.

At the start of October, the Illinois-based non-profit health system first informed the public of a cyberattack that took down its IT systems.

CommonSpirit Health is the second largest health system in the United States, operating 140 hospitals and over 1,000 care sites across 21 states, so any disruption in its operation has widespread impact potential.

On December 1, 2022, the organization published the latest results of its internal investigation on the security incident, admitting that the ransomware actors had accessed patient data for the first time.

"Our ongoing investigation shows that the unauthorized third party gained access to certain files, including files that contained personal information," reads the announcement.
 

upnorth

Moderator
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,469
There's a special place in hell waiting for these low-lifes.

giphy2.gif
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top