Source 1 | 2022-10-04
“Chicago-based CommonSpirit Health was the victim of an IT security incident that is impacting its facilities across the country, Kitsap Sun reported Oct. 3. A spokesperson for Seattle-based Virginia Mason Franciscan Health told Kitsap Sun, "Virginia Mason Franciscan Health's parent company CommonSpirit Health is managing an IT security incident, which is impacting some of our facilities.“
“"As a precautionary step, we have taken certain IT systems offline, which may include electronic health record systems and other systems," the spokesperson told the newspaper. "Our facilities are following existing protocols for system outages and taking steps to minimize the disruption. We take our responsibility to ensure the privacy of our patients and IT security very seriously. As a result of this incident, we have rescheduled some patient appointments." Other CommonSpirit facilities affected by the IT incident include Omaha, Neb.-based CHI Health hospitals, including Lakeside Hospital, Creighton University Medical Center-Bergan Mercy and Immanuel Medical Center. “
“It is unknown if patient information was compromised due to the IT incident. “
Source 2 | 2022-12-05
“CommonSpirit Health issued an update on the ransomware attack that brought down multiple hospitals across the country for more than a month, confirming the threat actors first gained network access weeks before the attack and patient data was, indeed, accessed. “
“The impact was much smaller than originally projected, as was the data impact. The total number of patients has yet to be shared on the Department of Health and Human Services breach reporting tool, but the breach notice shows only health information from Franciscan Medical Group and/or Franciscan Health in Washington was accessed — a small fraction when considering the scope of CommonSpirit’s reach and overall hospital outages.“
“The notice also shows that hospital networks were taken offline proactively to contain the spread and secure the network. With support from an external cybersecurity specialist, the investigation found that the attackers first gained access on Sept. 16, using the dwell time to access files of certain current and former patients, as well as some family members. “
Source 3 | 2023-02-15
“The ransomware attack and subsequent month-long network outage at CommonSpirit Health in October cost the major health system at least $150 million to date, according to its unaudited quarterly financial report. “
“The “adverse financial impact” of the cyber incident is tied to the associated business interruption, remediation costs, and other related business expenses. “
“The health system posted $925 million in operating losses for the second half of 2022, of which the cyber incident was just a small portion. However, those losses were significantly larger than the year prior during the same period: just $128 million. “
“The disruptions, however limited in scope, were noticeable for the impacted hospitals. Clinicians leveraged protocols for handling system outages, but CHI Memorial was forced to reschedule some patient procedures. Virginia Mason Franciscan Health, another CommonSpirit affiliate, was also hard hit by the disruptions and saw its data stolen amid the hack. “
Cybersecurity for Critical Infrastructure
SecuLore provides Managed Detection and Response (MDR) to protect our nation’s critical infrastructure from cyber threats. Our expertise is built on deep knowledge of 9-1-1 technology, cyberwarfare, and ethical hacking, ensuring the highest level of cybersecurity for public safety agencies.
