Chain Ransomware Attack on Commonspirit Health IT System Affected 140 Hospitals in 21 States

Possibly the most significant cyber-attack so far: The IT system holding hospital records of about 20 million Americans has been found to be compromised, resulting in cancer treatment appointment delays and ambulance route diversions.

10 October 2022

CHICAGO (AP) — CommonSpirit Health, an extensive nonprofit health system with 140 hospitals in 21 states, has reported an "IT security issue" that has disrupted operations in several states.

 CommonSpirit Health IT System Affected by Chain Ransomware Attack

The Chicago-based company, formed in 2019 by the merger of Catholic Health Initiatives and Dignity Health, serves 20 million Americans through more than 1,000 care locations across the country.

If patient data is compromised, this attack could be the most prominent medical cyberattack in US history.

It is unknown how many of the 140 hospitals dispersed over 21 states are affected by the breach, but it has already led to cancer appointments being canceled and ambulances being redirected.

The MercyOne Medical Center in Iowa and the second-best medical center in the state of Washington, Virginia Mason Medical Center, are among several that have been impacted.

The St. Michael Medical Center in Washington and the CHI Memorial Hospital in Tennessee had to postpone necessary surgeries, including CT scans for brain bleeds.

Kathy Kellog, a patient from Washington, was among those impacted. She experienced a minimum five-day delay in her surgery to remove a malignant tumor on her tongue. Her husband Mark told KING-TV, "everything we do today is all on a computer, and without it, you're back to the stone era writing on a tablet." One of the many facilities that took systems offline due to the hack was the hospital they were visiting, Virginia Mason Medical Center.

According to the Des Moines Register, the event happened on Monday and necessitated the transfer of ambulances from the Mercy One Medical Center's emergency room to other hospitals. The Chattanoogan noted that affected facilities included CHI Memorial Hospital.

In a statement released on Tuesday, July 4, 2022, CommonSpirit stated that it has rescheduled some patient visits and taken "some IT systems offline," including electronic health records, as a precaution. It would not specify whether access to patient records occurred. It also didn't determine when the alleged breach was discovered.

The U.S. government has identified the healthcare industry as one of 16 key infrastructure sectors, and healthcare providers are seen as desirable targets for hackers.

Healthcare providers are obligated by law to alert the Department of Health and Human Services if patient data is accessed.


Tech Crunch: US Hospital Chain Commonspirit Health says it Security Issue is Disrupting Services

US News: Patient Care Delayed at Large Hospital Chain After Ransomware Attack

Why Do You Need Our Services

SafeAeon's 24×7 SOC operates ceaselessly to watch over, identify, and counter cyber attacks, ensuring your business remains resilient and unharmed

Watchguard It Infrastructure

24/7 Eyes On Screen

Rest easy with SafeAeon's continuous vigilance for your IT infrastructure. Our dedicated security analysts ensure prompt threat detection and containment.

Cybersecurity Price

Unbeatable Prices

Access cutting-edge cybersecurity products through SafeAeon's unbeatable deals. Premium solutions at competitive prices for top-tier security.

Threat Intelligence

Threat Intelligence

Stay ahead with SafeAeon's researched Threat Intelligence Data. Clients enjoy free access for informed and proactive cybersecurity strategies.

IT Team

Extended IT Team

Seamlessly integrate SafeAeon with your IT team. Strengthen controls against risks and threats with expert recommendations for unified security.

Ready to take control of your Security?

We are here to help

Reach out to schedule a demo with our team and learn how SafeAeon SOC-as-a-Service can benefit your organization