The Latest on the CommonSpirit Health Ransomware Attack

CommonSpirit Health continues to deal with the fallout of a large-scale cyber-attack that impacted several patient-facing operations, including online portals, appointment scheduling and surgeries.

CommonSpirit Health is one of the largest healthcare providers in the U.S., with more than 140 hospitals and 700 care sites spread over 21 states.

In early October, CommonSpirit Health confirmed they were responding to a “major IT issue” that took several of their systems offline. A person close to the remediation efforts suspected the outage was a ransomware attack, which CommonSpirit Health confirmed in the statement below, along with more information on the ongoing mitigation efforts.

“As previously shared, upon discovering the ransomware attack, we took immediate steps to protect our systems, contain the incident, begin an investigation, and ensure continuity of care. Our facilities are following existing protocols, which includes taking certain systems offline, such as electronic health records and patient portals. In addition, we are taking steps to mitigate the disruption and maintain continuity of care. To further assist and support our team in the investigation and response process, we engaged leading cybersecurity specialists and notified law enforcement.”

How Did the CommonSpirit Health Ransomware Attack Impact Hospitals?

CommonSpirit Health quickly released a statement confirming that clinic, patient care and associated systems at Dignity Health, Virginia Mason Medical Center, TriHealth and Centura Health facilities were not impacted by the ransomware attack. CommonSpirit did acknowledge that other sites had experienced operational impact but did not provide locations or affiliate names.  

However, several hospitals have acknowledged they were impacted by the ransomware attack  including CHI Memorial Hospital in Tennessee, a portion of St. Luke’s hospitals in Texas, and Virginia Mason Franciscan Health in Seattle.

How Did the Common Spirit Health Ransomware Attack Impact Patients?

CommonSpirit Health patients felt the impact of the ransomware account in several instances, including an outage of the online patient portal and experience scheduling delays.

Perhaps the most concerning report is from the St. Luke hospital system in Texas, where the cyber-attack reportedly delayed a major surgery due to the surgeon’s concern that post-operation care would be delayed because of the ransomware attack.

In terms of patient data or personally identifiable information, CommonSpirit Health states that they are in the process of a forensic investigation, and they will determine if any data was impacted as part of the process. So, stay tuned to learn more on that front!

More importantly, CommonSpirit Health patients are still able to get care at hospitals and affiliates based on their latest update. While they have acknowledged patient portals are still experiencing outages, CommonSpirit Health stated that their facilities are able to see patients without issue.

For more information on the CommonSpirit ransomware attack, please go to www.commonspirit.org/update.

The Healthcare Industry and Ransomware

While CommonSpirit Health may be in the headlines today, the truth is they are not the first or last healthcare provider that will be impacted by a ransomware attack.

OakBend Medical, Methodist McKinney Hospital, Yuma Regional Medical Center, Christus Health and an unidentified Missouri hospital are just a few of the other big name healthcare organizations that have reportedly  been impacted by ransomware in 2022 alone.

So unfortunately, news of yet another attack on a large healthcare provider is not a huge surprise. In fact, according to a recent report from Sophos, 66 percent of healthcare organizations reported being hit with ransomware last year, an alarming increase from 34 percent in 2020. 

The report also found that 44 percent of healthcare organizations took “up to a week” to recover from a ransomware attack in 2021, and 25 percent took up to a month to recover. The average time for healthcare organizations to recover was one week.

The Human Impact of Ransomware Attacks Targeting Healthcare

In the healthcare industry, that period of downtime can have dire effects that go far beyond monetary losses or breached data. Consequences from the inability to access medical data or healthcare services can impact the patients, such as this instance where a major surgery was delayed or even more severe consequences, including patient deaths.

In 2020 a German hospital was forced to re-route a woman who needed emergency services due to their systems being shutdown from a ransomware attack. The woman was sent to a facility 20 miles away, but she tragically passed away in transit before arriving. 

More recently, a lawsuit was filed against an Alabama hospital alleging that a ransomware attack was responsible for removing safeguards that would have prevented the death of a newborn during surgery.

Did You Know October is Cybersecurity Awareness Month?

In support of Cybersecurity Awareness Month 2022, the Schneider Downs cybersecurity team is introducing a library of cybersecurity resources to help keep cybersecurity top-of-mind every day—at home, in the office and everywhere in between.

Explore the new resources at www.schneiderdowns.com/ncsam.

About Schneider Downs Cybersecurity

The Schneider Downs cybersecurity practice consists of expert practitioners offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. In addition, our Digital Forensics and Incident Response teams are available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident of any kind.

To learn more, visit our dedicated Cybersecurity page or contact the team at [email protected]

Want to be in the know? Subscribe to our bi-weekly newsletter, Focus on Cybersecurity.

You’ve heard our thoughts… We’d like to hear yours

The Schneider Downs Our Thoughts On blog exists to create a dialogue on issues that are important to organizations and individuals. While we enjoy sharing our ideas and insights, we’re especially interested in what you may have to say. If you have a question or a comment about this article – or any article from the Our Thoughts On blog – we hope you’ll share it with us. After all, a dialogue is an exchange of ideas, and we’d like to hear from you. Email us at [email protected].

Material discussed is meant for informational purposes only, and it is not to be construed as investment, tax, or legal advice. Please note that individual situations can vary. Therefore, this information should be relied upon when coordinated with individual professional advice.

© 2023 Schneider Downs. All rights-reserved. All content on this site is property of Schneider Downs unless otherwise noted and should not be used without written permission.

our thoughts on
Norton Believes Credential Stuffing Attack Led to LifeLock Breach
Why Cybersecurity Programs are Facing Increased Scrutiny from Private Equity Firms
Start The New Year Off Secure: 5 Cybersecurity Resolutions for 2023
TikTok: Spreading Holiday Cheer and Personal Information
Cybersecurity BY David Murphy
Key Benefits of Server Message Block Signing
SEC and PCAOB Developments Conference Day 1
Register to receive our weekly newsletter with our most recent columns and insights.
Have a question? Ask us!

We’d love to hear from you. Drop us a note, and we’ll respond to you as quickly as possible.

Ask us
contact us

This site uses cookies to ensure that we give you the best user experience. Cookies assist in navigation, analyzing traffic and in our marketing efforts as described in our Privacy Policy.

×