Skip to main content
close search
site logo

Details emerge on CommonSpirit’s ‘IT security incident’ as more regions report disruptions

Some CommonSpirit hospitals across the country have been cut off from their electronic health records forcing them to revert to paper charts.

Published Oct. 5, 2022
Samantha Liss's headshot
Senior Reporter
A rendering of an empty hospital corridor with a reception desk.
Ninoon via Getty Images

First published on

Healthcare Dive

Details are emerging on how an “IT security incident” at CommonSpirit Health is disrupting hospital operations across the country as some facilities have been forced to revert to using paper charts and have diverted ambulances.

CommonSpirit Health, one of the nation’s largest health systems, said Tuesday an unspecified security incident was affecting multiple regions and interrupting access to electronic health records. As a precautionary step, some systems were taken offline as a result of the incident, the organization said.

When asked whether the incident was a ransomware attack, CommonSpirit told Healthcare Dive on Tuesday they were unable to provide more details.

Some patient procedures have been rescheduled as a result of the IT security issue.

News reports from local outlets are helping paint a picture of the scope and severity of the incident.

Hospitals in Iowa, Washington, Texas and Nebraska have been affected by the security issue after problems were first reported in Chattanooga, Tennessee.

In Iowa, the Des Moines Register reported ambulances were diverted Monday for a short period of time from MercyOne Des Moines Medical Center, a CommonSpirit facility, to other emergency rooms.

In Washington, the Kitsap Sun reported the inability to access electronic health records has forced providers to revert to using paper charts.

One woman told the Kitsap Sun she “noticed growing stacks of paper behind the front desk counter, including on the floor, where staff appeared to be keeping ever-growing amounts of patient information that couldn’t be logged online.”

She accompanied her sister to an appointment on Tuesday but the Virginia Mason Franciscan Health providers were unaware of the scheduled visit, seemingly due to the inability to access certain IT systems.

In Houston, St. Luke’s began rescheduling appointments due to the issue, the Houston Chronicle reported.

The FBI and the Cybersecurity and Infrastructure Security Agency did not respond to a request for comment by the time of publication.

CommonSpirit, which has a national office in Chicago, operates 140 hospitals and more than 1,500 sites of care across 21 states.

One cybersecurity analyst said the incident is a big deal because of how many locations CommonSpirit operates.

It appears the incident is limited to CommonSpirit, Brett Callow, threat analyst at Emsisoft, said. “Disruptions to patient care can have an impact on outcomes in the longer term too.”

Filed Under: Threats

Editors' picks

Company Announcements

View all | Post a press release
Nile Adds Industry’s First Campus Zero Trust Delivered As a Service
From Nile
November 21, 2024
DigiCert Unveils 2025 Security Predictions
From DigiCert
November 21, 2024
Fathom5’s ARIA Technology Joins NSIN Propel Maritime Digital Defense Accelerator
From Fathom5
November 18, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Threats
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell