CommonSpirit still working to restore EHR systems after ransomware attack confirmed

A major ransomware attack at CommonSpirit Health has been disrupting medical operations across several states for nearly two weeks, leaving the Chicago-based health system scrambling to maintain patient care while it conducts a forensics investigation and works to bring its electronic health record systems back online.


After several days of cancellations and outage reports at CommonSpirit hospitals and medical facilities across several states, the country’s biggest Catholic health system and second-largest nonprofit hospital chain released a statement this week about the widespread cybersecurity incident. 

CommonSpirit officials said the attack has affected several facilities and that systems serving Dignity Health and Virginia Mason Medical Center are experiencing a minimal impact on operations. 

But local news reports across a number of states provide richer detail into lost access to medical records, delayed medical procedures, canceled appointments, loss of access to patient portals and other disruptions. 

“Patients continue to receive the highest quality of care, and we are providing relevant updates on the ongoing situation to our patients, employees and caregivers. Patient care remains our utmost priority and we apologize for any inconvenience this matter has created,” CommonSpirit officials maintain.

One report indicates 140 medical facilities across 21 states have been affected.

“We are doing the best we can. There’s no end in sight for this,” Kelsay Irby, a nurse at St. Michael Medical Center in Silverdale, Washington, told the Bainbridge Island Review

She said that the outage also affects the payroll system, and staff is calling in sick or quitting.

“Our facilities are following existing protocols for system outages, which includes taking certain systems offline, such as electronic health records. In addition, we are taking steps to mitigate the disruption and maintain continuity of care,” the health system said in the statement.

CommonSpirit’s October 12 statement indicates that the system has engaged cybersecurity specialists and has reported the incident to law enforcement.


Relentless ransomware attacks plaguing all industries can have catastrophic effects when it happens to healthcare operations–barring access to millions of health records and disrupting patient care as well as overburdening already overburdened staff.

The endpoint attacks target security vulnerabilities and once ransomware takes possession of data, it can take weeks just to get systems back online.

Last year, more than 40 million patient records were compromised during reported incidents.


“We continue to conduct a thorough forensics investigation and review of our systems and will also seek to determine if there are any data impacts as part of that process,” said CommonSpirit officials in the health system’s statement.

Andrea Fox is senior editor of Healthcare IT News.
Email: [email protected]

Healthcare IT News is a HIMSS publication.

Source: Read Full Article