CommonSpirit Health Provides Update on October 2022 Ransomware Attack

Over 160 different facilities were affected by the incident.

By HFT Staff


CommonSpirit Health has issued an update about its October 2022 ransomware attack and has confirmed that patients from 164 facilities were affected by the attack and had their sensitive data exposed or stolen. CommonSpirit Health detected the ransomware attack on October 2, 2022, and the forensic investigation revealed unauthorized individuals had access to its systems between September 16, 2022, and October 3, 2022. 

In December 2022, CommonSpirit Health confirmed that the threat actor responsible for the attack had stolen patient data prior to encrypting files and said patients of Franciscan Medical Group/Franciscan Health and Virginia Mason Franciscan Health facilities had been affected. Those individuals were notified about the data breach in December. In February 2023, CommonSpirit Health issued a further update confirming the attackers also obtained the data of patients of St. Luke’s Diagnostic Cath Lab, Diagnostic Heart Center in Houston, TX, and sent notifications to those individuals in February. 

The latest update on the ransomware attack was issued on April 6, 2023, and confirmed that the breach affected patients who had received care at certain facilities operated by Catholic Health Initiatives, Dignity Health, Centura Health, and MercyOne and shared a list of 164 hospitals and care sites that are known to have been affected. The investigation confirmed that the attackers had access to two file servers that contained files that included patient data such as names, addresses, birth dates, phone numbers, email addresses, dates of service, medical record numbers, healthcare provider names, diagnosis/treatment information, medical billing/claims information, patient facility associated account/encounter numbers, and health insurance information and, for a small number of individuals, Social Security numbers. 

CommonSpirit Health said the delay in issuing the latest notifications was due to the incredibly time-consuming review of all files stored on those file servers to determine if they contained patient data, and which patients had been affected. The initial phase of that process was completed on February 21, 2023, and then accurate address information needed to be found to allow notifications to be sent. 

CommonSpirit Health reported the data breach to the HHS’ Office for Civil Rights on December 1, 2022, as affecting 623,774 individuals.  That total has not been updated since, and CommonSpirit Health has not publicly confirmed at this stage exactly how many individuals have been affected. Given the number of hospitals now known to have been affected, that total is likely to increase by a substantial amount. 



April 19, 2023


Topic Area: Information Technology


Recent Posts

Design, Compartmentation, Training: How Defend-in-Place Strategies Can Protect Patients

Effective defend-in-place strategies depend on compartmentation, fire-rated assemblies and ongoing staff training to protect patients who cannot quickly evacuate.


Milestone Marked with Topping Out Ceremony for BayCare Hospital Manatee

Construction remains on schedule, with crews continuing work on interior spaces, infrastructure and clinical areas throughout the facility.


NYC Health + Hospitals Experiences Third-Party Data Breach

The healthcare organization was notified that a business associate, Solventum Health Information Systems, suffered a data security incident.


Making AI Work for Predictive Maintenance

AI can support predictive maintenance by helping managers anticipate equipment failures, reduce downtime and improve operational efficiency.


Thomas Jefferson University Unveils Plans for Sidney Kimmel Medical College in Allentown, PA

Located at One Center Square, in downtown Allentown, the campus will include more than 54,000 square feet of newly constructed medical education space.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.