CommonSpirit Data Breach Confirmed


CommonSpirit Health, the second-largest non-profit hospital chain operating in the United States of America, has confirmed that patient data was accessed during a recent ransomware attack. The attack occurred between September 16, 2022, and October 3, 2022; it was detected in October.

Upon detection of the attack, CommonSpirit Health immediately took some of its systems offline in order to secure its network. This caused significant disruptions, but the organization insists that there was no negative impact on patient care. Additionally, its Dignity Health, Virginia Mason Medical Center, TriHealth, and Centura Health facilities were not affected by the attack.

Further investigations have confirmed that the actors behind the ransomware attack gained access to patient records at Virginia Mason Franciscan Health, an affiliated entity of CommonSpirit Health. This entity includes the following facilities:  St. Michael Medical Center, St. Anne Hospital, St. Anthony Hospital, St. Clare Hospital, St. Elizabeth Hospital, St. Francis Hospital, and St. Joseph Hospital. These are all part of the Franciscan Medical Group and Franciscan Health.

In its Notice of Data Security Incident, CommonSpirit Health advised the following:

“Though CommonSpirit has no evidence that any personal information has been misused as a result of the incident, it is always prudent for patients to review health care statements for accuracy and report any services or charges that were not incurred to the provider or insurance carrier.”

However, the review of affected health records is ongoing, and the total number of affected files has yet to be confirmed. The patient files known to have been accessed include details of the patient and their family or caregivers.