+1 206 446 0600 umv@merysolsecurity.com

CommonSpirit discloses security incident

CommonSpirit US nonprofit health system discloses security incident

Bleeding Computer reported on October 5th, that CommonSpirit Health, one of the largest nonprofit health systems in the United States, took down some of its IT systems because of a security incident that has impacted multiple facilities.

The US health system operates 140 hospitals and more than 1,000 care sites in 21 states, and its team of roughly 150,000 employees and 20,000 physicians provides health services to more than 21 million patients.

CommonSpirit said in a statement published Tuesday, October 4th, that it is “managing an IT security issue that is impacting some of our facilities.” “As a precautionary step, we have taken certain IT systems offline, which may include electronic health record (EHR) and other systems,” it added.

CommonSpirit also revealed that the incident forced its IT team to follow outage procedures and minimize disruption. “Our facilities are following existing protocols for system outages and taking steps to minimize the disruption,” it said, confirming ongoing system outages.

“We take our responsibility to ensure the security of our IT systems very seriously.”

While the nature of the incident is yet to be disclosed, there are hints that link it to a possible ransomware attack that would explain its broad impact.

Due to this “IT security issue,” CommonSpirit also had to reschedule some patient appointments and said affected patients would be notified by the care facility or their provider.

Health facilities and hospitals impacted by this security incident, including Bergan Mercy HospitalMercyOne Des Moines Medical Center, and multiple Virginia Mason Franciscan Health providers, have reported not being able to access CommonSpirit Health’s electronic health records systems.

Doctors told patients who called in to make appointments at CommonSpirit locations that they couldn’t schedule any new ones because their computers were down.  

Among the consequences of the CommonSpirit Health incident:

Besides taking some IT systems and records offline, CommonSpirit Health said “we have rescheduled some patient appointments.”

The Des Moines Register reported that MercyOne Des Moines Medical Center had diverted ambulances for “a short time.”

Multiple CHI Health facilities in Omaha were affected, the Omaha World-Herald reported.

CHI Memorial hospital in Chattanooga, Tenn., reported problems identical to the CommonSpirit Health statement, according to the Chattanoogan.

In Washington, St. Michael Medical Center delayed critical procedures — including a CT scan to check on a brain bleed — patients and families told the Kitsap Sun. In other parts of the state, health-care workers told the Tacoma News Tribune that “the disruption was having serious impact on normal functions such as charting, lab results reporting, history gathering, obtaining records on allergy information and more.”

You May Also Like …


Submit a Comment

Your email address will not be published. Required fields are marked *