CommonSpirit Health cyber attack details slow to emerge

Details have been slow to emerge after CommonSpirit Health was hit by an apparent cyber attack last week. 

CommonSpirit Health, one of the largest health service providers in the United States, confirmed on Oct. 5 it was hit by a cyber attack but it could not confirm how many of its 1,000 care sites that serve 20 million Americans may have been affected

CommonSpirit Health operates nonprofit 140 hospitals in 21 states.

Not-for-profit hospitals are considered to have a “very high” cyber exposure because attackers know that a ransomware attack on a hospital can cause severe disruption. Other very high risk sectors include electric, gas and water utilities.

CommonSpirit Health said it had taken certain systems offline following the “IT security issue”, including electronic health record.

The company said: “Our facilities are following existing protocols for system outages and taking steps to minimize the disruption. We take our responsibility to ensure the security of our IT systems very seriously. As a result of this issue, we have rescheduled some patient appointments. Patients will be contacted directly by their provider and/or care facility if their appointment is impacted.”

Attacks on hospitals have the potential to dramatically impact patient safety. 

An Alabama woman, Teiranni Kidd sued her hospital in 2020 after her baby was born with a severe brain injury and died after her hospital was hit by  a ransomware attack and allegedly didn’t inform her.