CommonSpirit Health says patient data was stolen during ransomware attack – TechCrunch

Chicago-based medical giant CommonSpirit Health has confirmed that an October ransomware attack exposed the personal data of more than 620, 000 patients.

CommonSpirit Wellness, which operates more than 700 care sites and 142 hospitals in 21 states, first verified an “IT security issue” on October 5. At the time, the company declined to comment on the nature of the incident, which interrupted access to electronic health records and delayed patient care in multiple regions, and refused to say  whether patient information or health data was compromised.

In a December update , CommonSpirit confirmed that the incident was a ransomware attack. The organization said that threat actors gained access to portions of its network between September 16 plus October 3 and, during that period, “may have gained entry to certain files, including documents that contained personal information” belonging in order to patients who received treatment or family members of those who received care at Franciscan Health, a  12-hospital affiliate of CommonSpirit Wellness.

CommonSpirit notes that while its investigation is ongoing, this information includes names, addresses, phone numbers, dates of birth and unique ID numbers used internally by the particular organization. The company declared that attackers did not access medical record numbers of insurance IDs, and states it has seen no evidence that any personal information has been misused as a result of the assault.

The up-date doesn’t say how many users were impacted by the data breach. However, as first spotted by Bleeping Computer , the U. S. Department of Health data infringement portal — where healthcare organizations are legally obligated to report data breaches impacting a lot more than 500 individuals —   confirms that danger actors accessed the individual data associated with 623, 774 patients throughout the CommonSpirit ransomware strike.

“Upon discovering the ransomware attack, CommonSpirit quickly mobilized to protect its systems, contain the incident, begin a good investigation, and maintain continuity of care, ” the company’s updated notice states.   “CommonSpirit notified law enforcement and is supporting their continuing investigation. Once secured, systems were returned to the system with additional security and monitoring tools. ”

The particular company has not yet attributed the attack to a particular ransomware group, and  CommonSpirit spokesperson Chad Burns failed to immediately respond to our request for remark.   TechCrunch has checked the dark  leak websites of several major ransomware groups, but none appear to possess yet claimed responsibility for the attack.

At least 15 Oughout. S. wellness systems operating 61 hospitals across the particular country have been impacted by ransomware so far within 2022, according to Brett Callow, threat analyst at Emsisoft. In at least 12 of these incidents, sensitive data, including personal health information, was compromised.


Leave a Reply

Your email address will not be published. Required fields are marked *