CommonSpirit Health confirmed that the ransomware attackers had accessed 623,774 patient’s personal information during an October ransomware attack.
Today’s figure was posted on the U.S. Department of Health breach portal. Healthcare organizations have a legal obligation to report data breaches that affect more than 500 people.
The cyberattack on its IT systems was first reported by the Illinois non-profit system of health.
CommonSpirit Health, the 2nd largest US health system, operates 140 hospitals, and more than 1,000 care centers in 21 states. Any disruption to its operations could have a wide impact.
The organization released the most recent results from its internal investigation into the security incident on December 1, 2022. It admitted that ransomware attackers had gained access to patient data for only the second time.
An announcement .
We are continuing to review these files and discovered that certain files contained information about individuals who might have been served in the past by Franciscan Medical Group or Franciscan Health in Washington. CommonSpirit Health.
Data that were compromised included:
- Please enter your full name
- Phone number
- Date of birth
- A unique identification that is used internally only by the company
According to the company, insurance IDs as well as medical records numbers were not possible for ransomware attackers.
Although the organization stated that it would notify all affected individuals, they didn’t reveal the exact number of patients.
was sent to affected individuals. It stated that the data had been exposed from September 16 to October 3 2022. This is when the ransomware agents were able to gain unauthorized access CommonSpirit Health’s network.
CommonSpirit Health is not yet revealing the identity of the ransomware attackers, nor has any criminal organization claimed the responsibility.