A US nonprofit healthcare firm announced a security breach

October 7, 2022
US Nonprofit Healthcare Firm Security Breach

One of the largest nonprofit healthcare institutions in the US, CommonSpirit Health, has recently announced suffering from a cybersecurity issue that disrupted some of their IT systems. The healthcare firm mitigated the incident by temporarily taking down the affected servers, impacting many of their internal facilities.

CommonSpirit operates in about 140 hospitals across 21 US states, with over a thousand care sites. With about 150,000 healthcare staff and 20,000 doctors and physicians, the nonprofit healthcare firm caters to over 21 million patients.

 

On October 5, the nonprofit healthcare firm disclosed suffering from a security breach.

 

In a statement they shared last Tuesday, CommonSpirit stated that their institution is currently managing an IT security issue that has impacted some healthcare facilities. Because of the issue, some of their IT systems were taken offline temporarily to ensure that the process would go smoothly, including electronic health records (EHR), among other systems.

The healthcare firm’s IT team also followed appropriate outage procedures and other existing protocols to minimise further operational disruption. CommonSpirit also stated that they are taking full responsibility to ensure the security of their IT systems against potential threats.

CommonSpirit has not shared the cyberattack nature that affected them, although researchers presume that it could be a ransomware incident because of its broad impact on the institution. Nonetheless, this has not yet been confirmed.

The cybersecurity incident also affected CommonSpirit’s patient appointments, forcing them to reschedule. All impacted patients are assured that they will be notified accordingly should more details occur about the incident.

Additionally, the incident in the nonprofit healthcare firm has impacted several other healthcare institutions and hospitals. These institutions include Bergan Mercy Hospital, Virginia Mason Franciscan Health, and MercyOne Des Moines Medical Centre. Based on the reports of these affected institutions, they could not access the EHR systems of CommonSpirit since the security incident.

Physicians and doctors could not also set schedules and appointments for patients because of the temporary taking down of the firm’s IT systems. As of now, the healthcare firm has not given additional comments.

About the author