CommonSpirit, US health system, disrupted by IT security incident


CommonSpirit Health, the second-largest non-profit hospital chain in the US, reported an IT security issue impacting its facilities.

While CommonSpirit did not specify the nature of the security issue or exactly which facilities were affected, the organization opted to shut down some of its IT systems due to the incident.

“CommonSpirit Health has identified an IT security issue that is impacting some of our facilities. We have taken certain systems offline,” the non-profit said in a statement.

Earlier this week, CommonSpirit said that following an IT security incident, the organization took certain IT systems offline, including electronic health record (EHR) and other systems.

CommonSpirit Health is a major player in the US healthcare sector. The organization operates over 140 hospitals and over 1,000 care sites in 21 states across the country. The organization was formed in 2019 after the merger of Dignity Health and Catholic Health Initiatives.

Some cybersecurity pundits suggest the ‘IT security incident’ CommonSpirit announced is likely a ransomware attack that the organization is struggling to contain.

Threat actors often target hospitals since most healthcare organizations have scant cybersecurity budgets and are extremely sensitive to downtime. Hospitals also store extremely sensitive data, which is valuable in the hands of threat actors.

A recent survey showed that two-thirds of healthcare organizations were hit by a ransomware attack last year. The share of affected organizations in the field doubled from 34% in 2020 to 66% last year.

The survey indicates that ransomware attacks against healthcare have become so frequent that some insurers either refuse to take on hospitals or leave the market altogether.