Cyberattack may have affected 100 CommonSpirit facilities in 13 states
por
John R. Fischer, Senior Reporter | April 12, 2023
Cyber Security
Health IT
A cyberattack in late 2022 may have affected hundreds of current and former CommonSpirit facilities.
A cyberattack in late 2022 may have affected over 100 CommonSpirit Health facilities across 13 states.
An unauthorized third-party who gained access to the network between Sept. 16 and Oct. 3 was behind the attack, and while they did not access the organization’s EHR system, they did obtain files from two servers containing data on patients, including names, addresses, dates of birth, dates of service, medical record numbers, provider names, diagnosis and treatment information, and health insurance information.
The healthcare system previously said the attack potentially affected just St. Luke’s Diagnostic Heart Center, in Houston, and Virginia Mason Franciscan Health. in Seattle. It now says it may have impacted 21 organizations in Texas, 14 in Nebraska, 14 in North Dakota, 13 in Kentucky, 10 in Washington state, six in Arkansas, six in Minnesota, five in Tennessee, five in Ohio, four in Oregon, three in Georgia, three in Iowa, and one in Pennsylvania.
“Upon discovering the ransomware attack, CommonSpirit quickly mobilized to protect its systems, contain the incident, begin an investigation, and maintain continuity of care. In addition, CommonSpirit notified law enforcement,” said the healthcare system in a statement.
Back in December, CommonSpirit told regulators that the attack compromised the information of more than 624,000 people.
Damages were over $150 million, including in revenue lost from interrupted access to medical records and delayed care in multiple regions last year. Operations did not return to normal for over a month.
An investigation was launched and completed on February 21, 2023.
CommonSpirit began notifying patients impacted on April 6.
|
|
You Must Be Logged In To Post A Comment
|