A ransomware attack in October accessed 623,774 patients’ patient information, according to Chicago-based CommonSpirit Health.
Beginning in early October, the cyberattack caused significant IT outages and consultation instabilities across the health system’s nationwide network of hospitals.
This figure was made public on the U.S. Department of Health breach portal, where healthcare organizations are required by law to report data breaches affecting more than 500 people.
According to CommonSpirit, someone obtained personal information from Franciscan Health and/or Franciscan Medical Group in Washington state. According to an investigation, hackers gained access to portions of CommonSpirit’s network between September 16, 2022 and October 3, 2022.
On December 1, 2022, the organization published the latest findings of its internal investigation into the security incident, admitting for the first time that the ransomware actors had accessed patient data.
Names, addresses, dates of birth, phone numbers, and unique internal IDs used only by CommonSpirit could have been among the information accessed. The health system stated that it has no evidence that any of the information was misused and has begun notifying those who have been affected.
The sources for this piece include an article in Bleepingcomputer.