• Politics
  • Diversity, equity and inclusion
  • Financial Decision Making
  • Telehealth
  • Patient Experience
  • Leadership
  • Point of Care Tools
  • Product Solutions
  • Management
  • Technology
  • Healthcare Transformation
  • Data + Technology
  • Safer Hospitals
  • Business
  • Providers in Practice
  • Mergers and Acquisitions
  • AI & Data Analytics
  • Cybersecurity
  • Interoperability & EHRs
  • Medical Devices
  • Pop Health Tech
  • Precision Medicine
  • Virtual Care
  • Health equity

CommonSpirit Health ransomware attack: Questions and answers

Article

The health system continues to deal with a cyberattack that has affected some systems and led to some patient appointments being canceled or rescheduled.

CommonSpirit Health continues to deal with a ransomware attack that has affected its systems.

A nonprofit, Catholic health system based in Chicago, CommonSpirit operates 140 hospitals and more than 1,500 care sites in 21 states. CommonSpirit offered an update this week on the incident and how the system is responding.

Here are some key questions on the ransomware attack.

Q: When did CommonSpirit Health report the incident?

A: CommonSpirit first reported what it described as an IT security issue on Oct. 5. CommonSpirit issued an update on Oct. 12 confirming that it is dealing with a ransomware attack.

Q: Are hospitals and clinics open?A: Yes. CommonSpirit says its facilities are serving patients, even as the system works to restore systems.

Q: Are patients being affected?

A: In an Oct. 17 update, CommonSpirit said, “There is no impact to clinic, patient care and associated systems at Dignity Health, Virginia Mason Medical Center, TriHealth or Centura Health facilities.” CommonSpirit said other parts of the system “have seen impacts on operations” and the organization is working to restore the systems.

CHI Health, which is part of CommonSpirit, said it has had to reschedule some patient appointments and some systems are temporarily offline. CHI Health also said it is postponing some procedures on a case-by-case basis.

Virginia Mason Franciscan Health has also said some patient appointments were rescheduled or canceled.

CommonSpirit says it is working “to facilitate clinician and patient communication, document patient care, and support our caregivers in following safety processes and standards.”

Q: What is happening with patient portals?

A: Due to the cyberattack, CommonSpirit has had to take some systems offline, including patient portals. “We apologize for this inconvenience and are working diligently every day to bring systems online and restore full functionality as quickly and safely as possible,” CommonSpirit said.

Q: Are electronic health records offline?

A: CommonSpirit says it has taken electronic health records offline, along with patient portals and other systems, to deal with the breach and maintain care.

Virginia Mason Franciscan Health said in an Oct. 17 update that providers are now able to access electronic health records. Virginia Mason also said it expects to restore patient access to MyChart in the coming days, as it makes progress in restoring some systems. CHI Health also said it expects to allow patients to use MyChart in the coming days.

Q: What is CommonSpirit doing to restore systems?

A: CommonSpirit crews are working to get affected systems back online. The organization has also consulted leading cybersecurity experts.

Q: Has patient information been accessed?

A: The health system said it is conducting an investigation to determine if there are any data impacts.

Health systems are required under federal law to report any breach of private health information involving 500 people or more to the U.S. Department of Health and Human Services.

Q: When will all systems be restored and the problems resolved?A: CommonSpirit has yet to provide an estimate. The system said it is working to resolve the issues and resume full operations as quickly, and safely, as possible.

Q: Has CommonSpirit notified authorities?A: Yes, the system said it has contacted law enforcement, but CommonSpirit hasn’t specified which agencies are involved and investigating.

Q: How common are cyberattacks at hospitals and health systems?

A: Hospitals across the country have been hit by cyberattacks. Two out of three healthcare IT professionals (67%) said their organizations had a significant cybersecurity incident in the past 12 months, according to the HIMSS 2021 cybersecurity survey. Cybersecurity experts tell hospital leaders it’s not a question of if they will be hit with an attack, but a question of when.

Millions of Americans have had their records breached across America. In the first half of the year, health department data indicates there were 337 breaches involving a minimum of 500 patient records, but some of those attacks have affected hundreds of thousands of people.

Many hospitals have also had to deal with ransomware attacks, because they know many health systems will pay. Smaller hospitals and systems are also frequent targets, because they have fewer resources to repel cyberattacks.

Q: Is the MercyOne health system affected?

A: MercyOne, based in Iowa, said it has been impacted by the CommonSpirit ransomware attack. Trinity Health recently completed its acquisition of MercyOne in September, but MercyOne continues to use CommonSpirit’s systems. Trinity and CommonSpirit had jointly operated MercyOne.

MercyOne Central Iowa said in a statement its information systems were impacted Oct. 3 as part of CommonSpirit’s IT issue. MercyOne Central Iowa said all facilities are open, although there is “some disruption to normal operations.” Patients can’t schedule appointments online.


Related Videos
Image credit: ©Shevchukandrey - stock.adobe.com
Image: Ron Southwick, Chief Healthcare Executive
Image credit: HIMSS
Related Content
Image credit: ©Roman Babakin - stock.adobe.com

Hospitals, physicians clash over FTC rule banning non-compete agreements

April 25th 2024
Article

The Federal Trade Commission says barring such agreements will help workers. The American Hospital Association says it’s bad policy and that the agency has ‘run amok.’

Why preventive medicine needs more support | Healthy Bottom Line podcast

Why preventive medicine needs more support | Healthy Bottom Line podcast

April 16th 2024
Podcast

Mirza Rahman, president of the American College of Preventive Medicine, talks about the need for more federal support for residency programs and a greater appreciation for population health.

Image credit: ©thodonal - stock.adobe.com

Why hospitals are joining nursing homes in fighting minimum staffing rules

April 24th 2024
Article

The federal government has finalized the first staffing standards for nursing homes. Long-term care facilities say the rule is unrealistic, and hospitals say it could limit post-acute care options.

The rise of third party cyberattacks in healthcare | Data Book podcast

The rise of third party cyberattacks in healthcare | Data Book podcast

March 11th 2024
Podcast

Dan Dodson, the CEO of Fortified Health Security, talks about the risks to hospitals, AI in attacks and defense, and what health systems can do to protect themselves.

Image credit: ©Lightfield Studios - stock.adobe.com

Change Healthcare cyberattack: Many Americans could be affected, hospitals still hurting

April 24th 2024
Article

UnitedHealth Group says it could take months to identify all those impacted. The data breach is posing headaches for hospitals.

Image credit: Lauren Adele Little, for the Hospital + Healthcare Association of Pennsylvania

NPR’s Domencio Montanaro talks about healthcare and the 2024 election

April 23rd 2024
Article

During a discussion at the Hospital + Healthcare Association of Pennsylvania Leadership Summit, NPR's senior political editor discussed the presidential race and key health issues.

© 2024 MJH Life Sciences

All rights reserved.