The parent firm of Virginia Mason Franciscan Health was recently the target of a ransomware assault, the healthcare system disclosed earlier this week.
The organization linked to 10 VMFH hospitals spread across the Puget Sound region, CommonSpirit Health, stated some patients' names, addresses, phone numbers, and dates of birth were included in leaked files while the cyberattack was being investigated. Additionally included were special IDs that the hospital utilized internally (not insurance IDs or medical record numbers).
According to Chad Burns, a spokeswoman for CommonSpirit, it's unclear how many patients were impacted. The firm acknowledged that there is currently no proof that any private information has been "misused."
“We apologize for any concern this may cause. CommonSpirit Health and its affiliated entities … take the protection and proper use of personal information very seriously.” CommonSpirit said in a statement.
Midway through October, the Chicago-based healthcare organization revealed it had become the victim of ransomware, a type of malicious software. Patients and professionals in the Puget Sound region had started to notice system disruptions at VMFH institutions. MyChart, a patient interface used to maintain electronic health data, medicines, and test results, was unavailable for roughly two weeks as the business took some systems offline and started looking into the issue. Appointments were canceled or rescheduled.
Earlier this week, CommonSpirit acknowledged that between September 16 and October 3, an "unauthorized third party" had acquired access to some areas of its network. According to the statement, the third party might have had access to patients' private information over those two weeks.
Since then, the statement stated, electronic systems have been brought back online with more security and monitoring measures.
CommonSpirit, which operates 140 hospitals throughout 21 states, alerted the authorities and is still assisting with the investigation. The business claimed that it took action to safeguard its technological equipment, control the situation, and preserve the continuity of care.
St. Michael Medical Center in Silverdale, St. Anne in Burien, St. Anthony in Gig Harbor, St. Clare in Lakewood, St. Elizabeth in Enumclaw, St. Francis in Federal Way, and St. Joseph in Tacoma are among the VMFH facilities in Washington.
No other information was revealed on whether the cyberattack also impacted patient data from CommonSpirit's other facilities across the nation because the investigation is still underway, according to Burns.
Beginning on Thursday, CommonSpirit intends to mail letters to all impacted patients. Additionally, it urged patients of VMFH institutions to check their healthcare accounts for accuracy and notify their physician or insurer of any odd services or expenditures.