IT Security Incident Affects Multiple Facilities Across CommonSpirit Health

One of the most significant health systems in the country, CommonSpirit Health, said that the IT security breach happened on Monday, October 3, 2022.

CommonSpirit Health, a faith-based healthcare organization, located throughout the Midwest, recently experienced an unfortunate security incident. At first glance, this security incident may appear innocuous since it only involved exposing sensitive patient information. However, the ramifications extend far beyond a breach of privacy.

In light of these developments, we have compiled a brief overview of the CommonSpirit Health IT security incident to help you identify potential vulnerabilities in your environment.

What Happened?

According to reports, a hack on CommonSpirit Health System that is still ongoing compromised facilities in Tennessee, Nebraska, and Washington. EHRs (Electronic Health Records) are currently among the offline IT systems, and patient visits have since been rescheduled.

The number of facilities impacted by the issue, which started on Monday, is still unknown, as is the number of patient records.

According to a statement from CommonSpirit, “as a result of this situation, we have rescheduled some patient visits in several of our communities.” If a patient’s appointment is impacted, their provider and care facility will contact them directly.

One of the largest health systems in the nation, based in Chicago, runs 142 hospitals and more than 2,200 care facilities throughout 21 states.

It stated, “We take our responsibility to safeguard patient privacy and IT security very seriously.”

According to CHI (Catholic Health Initiatives), the facilities are adhering to procedures for system failures and “[are] taking steps to minimize the disturbance.”

Why This Matters?

In 2019, Trinity Health and CHI merged to create CommonSpirit Health, a new nonprofit Catholic health system with a presence in 21 states.

According to The Chattanoogan.com in Tennessee, the hacking attack impacted the neighborhood of CHI Memorial hospital. According to the report, CHI officials said several patient procedures had to be rescheduled, and some systems had to be shut down.

The Virginia Mason Franciscan Health in Seattle has also stated that the outage has affected their systems. St. Joseph Medical Center in Tacoma is one of the hospitals and clinics in the Puget Sound region run by VMFH. Given this, patients could not access MyChart, an online patient portal.

CommonSpirit is one of several renowned nonprofit health systems reporting significant losses for the most recent fiscal year.

In 2022, the company recorded losses of $1.85 billion.

Wright Lassiter, formerly with Henry Ford Health, was recently named by
CommonSpirit as its new CEO and Lloyd Dean’s replacement.

Protected Harbor’s Take on the Matter

“An ounce of prevention is worth a pound of cure, right? Well, this holds true when it comes to cybersecurity as well as in the case of the CommonSpirit health incident. Even the most diligent and well-intentioned companies can be the victim of a data breach. With the GDPR in effect, it’s now a matter of public record if your data has been stolen.” – Richard Luna, CEO of Protected Harbor.

It is a proven fact that most cyberattacks happen due to negligence. Therefore, it is imperative to have a reliable security system to protect you from all sorts of online threats. At the same time, it is equally essential for you to keep your operating systems, antiviruses, firewalls, and patches up to date with the latest versions available. Without regular updates, your system can become vulnerable to cyber-attacks. Therefore, it is essential that you keep track of all the updates and install them at the right time.

MFA (Multi-Factor Authentication) and IAM (Identity Access Management) are the primary security requirements we suggest all businesses implement to have an extra layer of security.

Cybersecurity awareness should be an integral part of your business plan. It doesn’t matter if you are a large corporation or a small business; cybersecurity is critical for everyone.

For more information, check out a quick guide to proactive cybersecurity measures.

Final Thoughts

Unfortunately, many businesses are unaware of the significance a robust security plan has and thus remain vulnerable to cyber threats. If you are concerned about your business’s security and want a foolproof security plan, then hiring an expert can help you.

Protected Harbor offers a range of security services, including a Web Application Firewall (WAF), data breach response, email security, ransomware security, and cloud security to businesses of all sizes. We keep your data and systems secure, help you comply with regulations, and meet your documentation requirements. Our products are easy to use and come with 24/7 support.

Our focus on ease of use, transparency, and value for your dollar sets us apart from the competition. Protected Harbor is one of the best-reviewed cybersecurity providers. We have a 90+ Net Promoter Score.

Even if you feel you have a solid security plan, it can’t work if it’s not in use. A security audit of your network and systems is equally as important. With that being said, Protected Harbor is here to help and will be offering free cybersecurity assessments for all healthcare providers. Contact us today.