Updated on 2022-12-08
Patients of at least seven Washington state hospitals affiliated with CommonSpirit have been impacted by the breach of the hospital chain in October, revealed investigation. Read more: CommonSpirit Health Provides Cyberattack Update and Notification of Data Breach Involving Virginia Mason Franciscan Health in Washington state
Updated on 2022-12-04: CommonSpirit finally notifies of ransomware attack
The second-largest non-profit hospital chain in the U.S. says a ransomware attack allowed cybercriminals to make off with personal information of its patients. In a disclosure (finally…), CommonSpirit declined to say how many patients were affected, but said the attackers were in its network for more than two weeks in September and October. So, about as transparent as mud on a foggy night. Read more:
- CommonSpirit Health Provides Cyberattack Update and Notification of Data Breach Involving Virginia Mason Franciscan Health in Washington state
- CommonSpirit Health Provides Cyberattack Update and Notification of Data Breach Involving Virginia Mason Franciscan Health in Washington state
Updated on 2022-10-12
US hospital network CommonSpirit Health is still struggling to get its IT systems up and running more than a week after they became infected with ransomware. Hospitals are still experiencing IT outages and disruptions to appointments. The attack began around October 3.
Note
- Years ago, all businesses learned that if the power went out in the data center, business stopped. Backup power or facilities were required and became common. Once those were in place, the first power outage pointed out another important requirement: regular testing of switching over to back up mechanisms. These days outsourced (mostly cloud) services are the “new electricity” and those backup processes *and* testing of those processes are needed to reduce the impact that Common Spirit’s customers are reporting.
- Are you prepared to selectively take affected systems offline after an attack to rebuild them? Do you know the interdependencies of such actions? Can you reconcile transactions on connected systems? Dependency mapping, particularly in mature environments can be incredibly difficult, and may necessitate a response posture of taking large numbers of components offline rather than surgically addressing one at a time. Take a lead from actions taken during maintenance windows, typically based on lessons learned, for planning your approach.
Read more in
- CommonSpirit Update
- Hospitals Continue to Suffer Impacts of CommonSpirit IT Security Incident
- Hospital giant’s IT still poorly a week after suspected ransomware infection
- CommonSpirit confirms ransomware attack as U.S. hospitals deal with fallout
Updated on 2022-10-05
A cyberattack affecting CommonSpirit Health has led to IT outages at facilities across the US. CommonSpirit has 142 hospitals and more than 700 care sites in 21 states. CommonSpirit said it took down some IT systems as a precaution. Multiple facilities have said they are operating under electronic health record (EHR) downtime.
Note
- EHR downtime means manual or fallback services are in use. If you have to fall back like this consider how you’re going to communicate with partners and suppliers. Can you fax them an order? Do you want to take the risk of using non-approved services or have vetted backup systems/procedures on standby? Maybe you want to mail that down.
Read more in
- Statement: IT Security Issue
- CommonSpirit Health Suffers IT Outages, EHR Downtime at Multiple Hospitals
- CommonSpirit cyberattack spurs IT outages at CHI Memorial, hospitals across US
- CommonSpirit Health reported an IT security incident affecting facilities in multiple regions
- CommonSpirit Health says it experienced ‘IT security incident’ in multiple regions
- CommonSpirit US nonprofit health system discloses security incident
Overview
An IT security incident at CommonSpirit Health impacted an undisclosed number of facilities that had to turn certain systems offline and reschedule patient procedures. Read more: CommonSpirit Health says it experienced ‘IT security incident’ in multiple regions