CommonSpirit Health Updates Estimated Cost from Ransomware Attack

The cost of the October 2022 attack is expected to increase to $160 million.

By HFT Staff


CommonSpirit Health has provided an updated estimate on the cost of its October 2022 ransomware attack, which is expected to increase to $160 million. The ransomware attack was detected by CommonSpirit Health on October 2, 2022, forcing systems to be taken offline. The attack affected over 100 current and former CommonSpirit facilities in 13 states. The forensic investigation determined hackers first gained access to its network on September 16, 2022, and were ejected on October 3, 2022. The attackers stole data from two file servers, although they did not gain access to its medical record system. The stolen files contained the protected health information of almost 624,000 patients. 

CommonSpirit Health operates 143 hospitals and around 2,300 other healthcare facilities in 22 states and is the second-largest non-profit health system in the United States. CommonSpirt’s first quarter results show total revenues from the 3 months to March 31, 2023, of $8.3 billion, and $25.6 billion for the 9 months to March 31. In the first quarter of 2023, CommonSpirit reported $648 million in operating losses and $1.1 million in losses for the 9 months to March 31. Net losses of $231 million and $445 million were reported for the 3- and 9-month periods due to improved investment returns. CommonSpirit said the ransomware attack did not have any impact on the current quarter’s operating results. 

The ransomware attack was initially estimated to cost around $150 million, but a further $10 million in costs has been added to that figure. The increased cost factors in lost revenues due to business interruption, costs incurred remediating the ransomware attack, and other business-related expenses. In a call with investors, CommonSpirit explained that most of the $160 million is expected to be recovered from underwriters, although recovery of the costs is expected to take some time. CommonSpirit also confirmed in its quarterly report that it is facing a class action lawsuit over the ransomware attack and data breach. The lawsuit was filed in December 2022 in the U.S. District Court for the Northern District of Illinois and alleges negligence due to the failure to implement reasonable and appropriate security measures to protect patient data. The lawsuit seeks damages for the plaintiff and class exceeding $5 million, injunctive relief and legal costs. 



June 1, 2023


Topic Area: Maintenance and Operations , Security


Recent Posts

Designing for Access: Addressing Pharmacy Deserts with Flexible Solutions

Design is an increasingly important consideration for closing the gap in pharmaceutical access.


Baylor Scott & White Health Set to Open New Texas Medical CenterĀ 

The new 40-acre campus will offer communal green spaces, more than two miles of trails, health and wellness events and activities for everyone to enjoy.


The Future of Backup Power Systems in Healthcare Facilities

Manufacturers discuss what trends are shaping the future of backup power systems in healthcare.


Infection Control is Key to Ongoing Measles Outbreak

Infection control is essential to protecting both patients and staff from contracting measles.


Kaiser Permanente to Open New Parker Medical Offices

It also announced it's in the early stages of planning a rebuild and expansion of its Westminster Medical Offices.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.