- CommonSpirit Health said last week the personal information of patients and their family and caregivers may have been accessed by ransomware attackers.
- The system said it discovered that cyberattackers gained access to portions of its network between Sept. 16 and Oct. 3.
- The impacted people may have received services from certain facilities of Virginia Mason Franciscan Health, a CommonSpirit entity.
The latest update from CommonSpirit paints a clearer picture of the cybersecurity incident the health system first announced early October.
The attackers gained access to certain files, including those that contained personal information, CommonSpirit said in a statement released Thursday.
Some of the files contained names, addresses, phone numbers, birth dates and a unique ID used internally.
“CommonSpirit has no evidence that any personal information has been misused as a result of the incident,” the system said in a statement.
Initially, the health system provided few details about the nature of the incident that forced CommonSpirit to take certain systems offline as a precaution.
The ransomware attack has interrupted access to electronic health records and delayed patient care in multiple regions. Security experts previously told Healthcare Dive that mergers can pose “huge” cybersecurity risks to health systems like CommonSpirit.
Law enforcement is still investigating the incident, CommonSpirit said.
The Chicago-based system was formed three years ago following a megamerger between San Francisco-based Dignity Health and Colorado-based Catholic Health Initiatives. It’s one of the nation’s largest health systems with 142 hospitals spanning 21 states.
In November, CommonSpirit tapped Daniel Barchi to take the helm as chief information officer. Barchi, who has a military background, most recently served as CIO at NewYork-Presbyterian.