Details are emerging on how an “IT security incident” at CommonSpirit Health is disrupting hospital operations across the country as some facilities have been forced to revert to using paper charts and have diverted ambulances.
CommonSpirit Health, one of the nation’s largest health systems, said Tuesday an unspecified security incident was affecting multiple regions and interrupting access to electronic health records. As a precautionary step, some systems were taken offline as a result of the incident, the system said.
When asked whether the incident was a ransomware attack, CommonSpirit told Healthcare Dive on Tuesday they were unable to provide more details.
Some patient procedures have been rescheduled as a result of the IT security issue.
News reports from local outlets are helping paint a picture of the scope and severity of the incident.
Hospitals in Iowa, Washington, Texas and Nebraska have been affected by the security issue after problems were first reported in Chattanooga, Tennessee.
In Iowa, the Des Moines Register reported ambulances were diverted Monday for a short period of time from MercyOne Des Moines Medical Center, a CommonSpirit facility, to other emergency rooms.
In Washington, the Kitsap Sun reported the inability to access electronic health records has forced providers to revert to using paper charts.
One woman told the Kitsap Sun she “noticed growing stacks of paper behind the front desk counter, including on the floor, where staff appeared to be keeping ever-growing amounts of patient information that couldn’t be logged online.”
She accompanied her sister to an appointment on Tuesday but the Virginia Mason Franciscan Health providers were unaware of the scheduled visit, seemingly due to the inability to access certain IT systems.
In Houston, St. Luke’s began rescheduling appointments due to the issue, the Houston Chronicle reported.
Chicago-based CommonSpirit operates 140 hospitals and more than 1,500 sites of care across 21 states.
The FBI and Cybersecurity and Infrastructure Security Agency did not respond to a request for comment by the time of publication.
One cybersecurity analyst said the incident is a big deal due to the many facilities CommonSpirit operates.
It appears the incident is limited to CommonSpirit, Brett Callow, threat analyst at Emsisoft, said.
“Disruptions to patient care can have an impact on outcomes in the longer term too,” Callow said.