Privacy Breach Notice, 12/01/2022. Learn more. | IT Issue update
As you are aware, on October 2, 2022, CommonSpirit Health experienced a ransomware attack that impacted some of our systems. Our ongoing investigation shows that the unauthorized third party gained access to certain files, including files that contained personal information. While our review of these files is ongoing, we identified that some of these files contained personal information for individuals who may have received services in the past, or affiliates of those individuals, from Franciscan Medical Group and/or Franciscan Health in Washington state.
CommonSpirit Health has no evidence that any personal information has been misused as a result of the incident. We are notifying individuals whose personal information was in those files. To read more about that notice, please visit this Privacy Breach Notice, 12/01/2022 page.
As previously shared, our teams continue to work diligently to bring systems online and restore full functionality as quickly and safely as possible, including electronic health records (EHRs). Providers in the majority of markets now have access to the EHR across the CommonSpirit Health system, including at hospitals and clinics. In addition, most patients can again review their medical histories through the patient portal and we are working to restore appointment scheduling capabilities to the portal in cases where that feature exists. In the meantime, patients should contact their provider’s office directly to schedule an appointment.
We care deeply about our patients and regret any challenges or frustration they may have experienced as a result of this incident. Thank you to our patients, providers, staff and partners as we continue navigating the response and restoration process.
CommonSpirit Health has been managing a response to a cyberattack impacting some of our facilities. Providing the highest quality of care to our patients remains our utmost priority. This webpage provides relevant updates on the ongoing situation to our patients, employees and caregivers. We care deeply about our patients and regret any challenges or frustration they may have experienced as a result of this incident.
Upon discovering the ransomware attack, the CommonSpirit organization quickly mobilized to protect our systems, contain the incident, begin an investigation, and maintain continuity of care. Impacted facilities have been following existing protocols, which included taking certain systems offline, such as electronic health records (EHR) and patient portals. It’s important to note that there has been no impact to clinic, patient care and associated systems at Dignity Health, Virginia Mason Medical Center, TriHealth or Centura Health facilities.
For the parts of our health system that have seen impacts on operations, we’re working diligently every day to bring systems online and restore full functionality as quickly and safely as possible. Providers in the majority of markets now have access to the electronic health record (EHR) across the CommonSpirit Health system, including at hospitals and clinics. In addition, most patients can again review their medical histories through the patient portal and we are working to restore appointment scheduling capabilities to the portal in cases where that feature exists. In the meantime, patients should contact their provider’s office directly to schedule an appointment.
To further assist and support our team in the investigation and response process, we engaged leading cybersecurity specialists and notified law enforcement. We recognize that our stakeholders may have questions about their data, and we continue to conduct a thorough forensics investigation and review of our systems – which, in part, seeks to determine if any data was impacted.
Central to our decision-making has been and will continue to be our ability to carry out our mission in a manner that is safe and effective to those we serve. At CommonSpirit Health, we are dedicated to meeting the needs of the communities we serve and are guided by our core set of values, which include integrity, excellence, and collaboration. We are grateful to our committed staff and physicians, who are doing everything possible to mitigate the impact to our patients and maintain continuity of care.
We have been managing a response to a cyberattack that has impacted some of our facilities. As previously shared, upon discovering the ransomware attack, we took immediate steps to protect our systems, contain the incident, begin an investigation, and maintain continuity of care.
Yes, our facilities are following existing protocols. Patient care remains our utmost priority. We care deeply about our patients and regret any challenges or frustration they may have experienced as a result of this incident. Thank you to our patients, providers, staff and partners as we continue navigating the response and restoration process.
Our facilities are following existing protocols. That includes steps to facilitate clinician and patient communication, document patient care, and support our caregivers in following safety processes and standards.
The investigation determined that an unauthorized third party gained access to certain portions of our network between September 16, 2022 and October 3, 2022. During that time, the unauthorized third party may have gained access to certain files, including files that contained personal information. While our review of these files is ongoing, we are notifying individuals whose personal information was identified in files associated with services provided by Franciscan Medical Group and/or Franciscan Health in Washington state. A letter has been sent via U.S. mail beginning on December 1, 2022. CommonSpirit Health has no evidence that any personal information has been misused as a result of the incident.
CommonSpirit is conducting a thorough investigation of the incident. The investigation is ongoing.
While our review of the files that may be impacted is ongoing, we are notifying individuals whose personal information was identified in files associated with services provided by Franciscan Medical Group and/or Franciscan Health in Washington state. CommonSpirit is notifying certain individuals who may have received services in the past from Franciscan Medical Group and/or Franciscan Health, or family members or caregivers of such individuals. Franciscan Medical Group and/or Franciscan Health are located in Washington state. For information about that update, please visit this Privacy Breach Notice, 12/01/2022 page.
On October 2, 2022, CommonSpirit detected activity on our IT network that we later determined was ransomware. We immediately took steps to secure the network, which included proactively taking certain systems offline, and began an investigation with the assistance of leading external cybersecurity specialists. The investigation determined that an unauthorized third party gained access to certain portions of our network between September 16, 2022 and October 3, 2022. During that time, the unauthorized third party may have gained access to certain files, including files that contained personal information. CommonSpirit has no evidence that any personal information has been misused as a result of the incident.
On December 15, 2022. CommonSpirit notified one of its joint ventures. St Luke’s Diagnostic Cath Lab, Diagnostic Heart Center (“DHC”), located in Houston, Texas, that the unauthorized third party accessed a file that contained the personal information of some patients, patient guarantors, and some staff or credentialed practitioners of DHC.
At the direction of DHC, CommonSpirit is notifying individuals whose personal information was identified in this file. Letters to affected individuals were sent via U.S. mail, beginning on February 9, 2023.
CommonSpirit has established a special call center with a trusted third party partner, Kroll, to answer specific questions from impacted individuals about this event. To contact this special call center, please call 1-866-674-3010, Monday through Friday from 8:00 a.m. to 5:30 p.m. Central Time excluding U.S. holidays.
CommonSpirit is conducting a thorough investigation of the incident and our review of the files potentially accessed is ongoing.
Yes. Most patients can again review their medical histories through the patient portal and we are working to restore appointment scheduling capabilities to the portal in cases where that feature exists. In the meantime, patients should contact their provider’s office directly to schedule an appointment.
Scheduling appointments through the patient portal may be available in some markets, so patients who have that option can use it again.
For the parts of our health system that have seen impacts on operations, we are working diligently every day to bring systems online and restore full functionality as quickly and safely as possible. We will post relevant updates to our website (this page).
We will post relevant updates to our website (this page).
Central to our decision-making has been and will continue to be our ability to carry out our mission in a manner that is safe and effective to those we serve. At CommonSpirit Health, we are dedicated to meeting the needs of the communities we serve and are guided by our core set of values, which include integrity, excellence, and collaboration. We are grateful to our staff and physicians who are doing everything possible to mitigate the impact to our patients and maintain continuity of care.
For vendors with a need to have additional technical specifications, please fill out the following form.