vladimircaribb - stock.adobe.com

CommonSpirit Ransomware Attack Impacted Patient Data at Virginia Mason Franciscan Health

CommonSpirit issued a breach notice to patients of Virginia Mason Franciscan Health in Washington state following a large-scale ransomware attack.

Following a ransomware attack that had varying impacts across CommonSpirit Health facilities, the health system has issued a breach notice to patients of Virginia Mason Franciscan Health in Washington state.

CommonSpirit confirmed that during the ransomware attack, an unauthorized party potentially gained access to certain files containing personal information belonging to patients who received care or family members of those who received care at Franciscan Health.

Franciscan Health includes St. Anne Hospital, St. Elizabeth Hospital, St. Anthony Hospital, St. Clare Hospital, St. Francis Hospital, St. Joseph Hospital, and St. Michael Medical Center.

It is unclear at the time of publication exactly how many individuals were impacted by the ransomware attack. CommonSpirit is actively reviewing the files but has so far confirmed that some files contained names, dates of birth, addresses, phone numbers, and unique IDs used internally by the organization.

“Upon discovering the ransomware attack, CommonSpirit quickly mobilized to protect its systems, contain the incident, begin an investigation, and maintain continuity of care,” the notice stated. 

“In addition, CommonSpirit notified law enforcement and is supporting their ongoing investigation.  Once secured, systems were returned to the network with additional security and monitoring tools.”

There has been no evidence that any personal information has been misused as a result of the attack.

As previously reported, the CommonSpirit ransomware attack resulted in appointment cancellations and forced some facilities to take EHR systems and patient portals offline temporarily as a precaution.

Next Steps

Dig Deeper on Healthcare data breaches