"CommonSpirit Health Says Patient Data Was Stolen During Ransomware Attack"

CommonSpirit Health, based in Chicago, has confirmed that an October ransomware attack exposed the personal information of over 620,000 patients. On October 5, CommonSpirit Health, which operates over 700 care sites and 142 hospitals across 21 states, confirmed an Information Technology (IT) security issue. The incident disrupted access to electronic health records and delayed patient care in multiple regions. CommonSpirit confirmed the incident was a ransomware attack in a December update. According to the organization, threat actors gained access to portions of its network between September 16 and October 3. They may have accessed certain files that contain personal information belonging to patients who received care or family members of those who received care at Franciscan Health, a 12-hospital affiliate of CommonSpirit Health. While the investigation is ongoing, CommonSpirit notes that this data includes names, addresses, phone numbers, dates of birth, and unique ID numbers used internally by the organization. The attackers did not gain access to medical record numbers or insurance IDs, and there is no evidence that any personal information was misused as a result of the attack. According to Brett Callow, threat analyst at Emsisoft, at least 15 US health systems operating 61 hospitals across the country have been impacted by ransomware attacks in 2022. Sensitive data, including personal health information, was compromised in at least 12 of these incidents. This article continues to discuss the CommonSpirit Health ransomware attack. 

TechCrunch reports "CommonSpirit Health Says Patient Data Was Stolen During Ransomware Attack"