US Healthcare Giant CommonSpirit Hit by Possible Ransomware

Written by

One of the largest non-profit healthcare providers in the US has been hit by a suspected ransomware attack which has already impacted multiple locations around the country.

CommonSpirit claims to run over 1000 sites and 140 hospitals in 21 states. In a brief message yesterday it said it had “identified an IT security issue” affecting some facilities.

“We have taken certain systems offline. We are continuing to investigate this issue and follow existing protocols for system outages,” it continued.

“We are grateful to our staff and physicians, who are doing everything possible to minimize the impact to our patients. We take our responsibility to our patients very seriously and apologize for any inconvenience.”

One impacted hospital, MercyOne Des Moines Medical Center, reportedly took certain IT systems offline as a precaution, meaning it currently has no access to electronic health records.

Omaha-based Lakeside Hospital, Creighton University Medical Center – Bergan Mercy, and Immanuel Medical Center are also said to be affected in a similar manner.

There’s no official confirmation yet on what caused the “IT security issue,” although security experts on Twitter are blaming it on ransomware actors.

Researcher Kevin Beaumont cited “IR chatter” as pointing to “ransomware for sure,” while Emsisoft threat analyst Brett Callow said “unconfirmed reports” also blamed extortionists for the incident.

Healthcare remains a top target for ransomware actors. Two-thirds (66%) of global healthcare organizations surveyed by Sophos were hit by ransomware in 2021, up from 34% in 2020.

“CommonSpirit Health is one of the largest hospital chains in the US, so this breach will have enormous consequences,” stated Julia O’Toole, CEO of MyCena Security Solutions.

“According to the organization’s statement, patient care is already being affected and this will have a huge impact on the health and welfare of society. The incident follows a long line of recent security breaches, and once again highlights that no organization can gamble with their cybersecurity today.”

What’s hot on Infosecurity Magazine?