  • CommonSpirit Health ransomware attack exposed data of 623,000 patients

    alf9872000

    • 373 views
    • 2 minutes

    CommonSpirit Health has confirmed that threat actors accessed the personal data for 623,774 patients during an October ransomware attack.

     

    This figure was published today on the U.S. Department of Health breach portal, where healthcare organizations are legally obligated to report data breaches impacting over 500 individuals.

     

    At the start of October, the Illinois-based non-profit health system first informed the public of a cyberattack that took down its IT systems.

     

    CommonSpirit Health is the second largest health system in the United States, operating 140 hospitals and over 1,000 care sites across 21 states, so any disruption in its operation has widespread impact potential.

     

    On December 1, 2022, the organization published the latest results of its internal investigation into the security incident, admitting for the first time that the ransomware actors had accessed patient data.

     

    "Our ongoing investigation shows that the unauthorized third party gained access to certain files, including files that contained personal information," reads the announcement.

     

    "While our review of these files is ongoing, we identified that some of these files contained personal information for individuals who may have received services in the past, or affiliates of those individuals, from Franciscan Medical Group and/or Franciscan Health in Washington state." - CommonSpirit Health.

     

    The type of data that was compromised includes:

    • Full name,
    • address,
    • phone number(s),
    • date of birth,
    • and a unique ID used only internally by the organization

     

    The company clarified that insurance IDs and medical record numbers could not have been exposed to the ransomware actors.

     

    The organization promised to contact all impacted individuals with notifications but didn't disclose the number of affected patients at the time.

     

    In the notification sent to impacted individuals, the company said the data was exposed from September 16 through October 3, 2022, the period during which the ransomware actors maintained unauthorized access to CommonSpirit Health's network.

     

    At this time, CommonSpirit Health has not disclosed the ransomware group that conducted the attack, and no criminal operation has claimed responsibility.

     

