An unauthorized third-party accessed CommonSpirit Health’s infrastructure between September 16 and October 3, 2022, exposing files with protected data from Virginia Mason Franciscan Health hospitals and clinics, according to the health system.
WHY IT MATTERS
CommonSpirit sent letters today informing affected individuals that their name, address, phone number(s), date of birth and a unique identification number that is not a medical record number or an insurance ID may have been exposed.
“While a review of these files is ongoing, CommonSpirit identified that some of this data included personal information for individuals who may have received services in the past, or family members or caregivers of those individuals, from Franciscan Medical Group and/or Franciscan Health in Washington state,” said CommonSpirit officials in the statement.
While a review of these files is ongoing, the breach affected protected data associated with a number of hospitals that are now part of Virginia Mason Franciscan Health, owned by Chicago-based CommonSpirit. Those hospitals are:
- St. Joseph Hospital in Tacoma.
- St. Francis Hospital in Federal Way.
- St. Elizabeth Hospital in Enumclaw.
- St. Clare Hospital in Lakewood.
- St. Anthony Hospital in Gig Harbor.
- St. Anne Hospital, formerly Highline Hospital, in Burien.
- St. Michael Medical Center, formerly Harrison Hospital, in Bremerton and Silverdale.
THE LARGER TREND
A major ransomware attack on CommonSpirit Health announced in October disrupted medical operations across several states for nearly two weeks while the company worked to bring its electronic health record systems back online.
The breach had also affected hospitals at Virginia Mason Franciscan Health, taking its patient portal information and scheduling system offline, according to a local report.
Earlier this month, CommonSpirit named Daniel Barchi as its new chief information officer. Barchi previously served as CIO at both Yale New Haven Health System and Yale School of Medicine, where he led EHR integrations and launched a cybersecurity operations center.
ON THE RECORD
“Upon discovering the ransomware attack, CommonSpirit quickly mobilized to protect its systems, contain the incident, begin an investigation and maintain continuity of care,” health system officials said.
Andrea Fox is senior editor of Healthcare IT News.
Healthcare IT News is a HIMSS publication.