CommonSpirit ransomware attack exposes the personal information of over 623,000 patients

A ransomware attack in October accessed 623,774 patients’ patient information, according to Chicago-based CommonSpirit Health.

Beginning in early October, the cyberattack caused significant IT outages and consultation instabilities across the health system’s nationwide network of hospitals.

This figure was made public on the U.S. Department of Health breach portal, where healthcare organizations are required by law to report data breaches affecting more than 500 people.

According to CommonSpirit, someone obtained personal information from Franciscan Health and/or Franciscan Medical Group in Washington state. According to an investigation, hackers gained access to portions of CommonSpirit’s network between September 16, 2022 and October 3, 2022.

On December 1, 2022, the organization published the latest findings of its internal investigation into the security incident, admitting for the first time that the ransomware actors had accessed patient data.

Names, addresses, dates of birth, phone numbers, and unique internal IDs used only by CommonSpirit could have been among the information accessed. The health system stated that it has no evidence that any of the information was misused and has begun notifying those who have been affected.

The sources for this piece include an article in Bleepingcomputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web