CommonSpirit Health confirms cyberattack that stretches into second week

Nationwide hospital system CommonSpirit Health confirmed that it was victim to a cyberattack that’s now in its second week of impacting some hospitals and other care sites.

News of an IT threat surfaced last week after the health system said it was dealing with a security issue that affected electronic health records. CommonSpirit, which operates 140 hospitals across 21 states, said in a statement late Wednesday that technology systems serving San Francisco-based Dignity Health and Virginia Mason Medical Center in Seattle have suffered "minimal impacts."

The Washington Post previously reported that facilities in Iowa, Nebraska, Tennessee and Washington were among those affected.

CommonSpirit, which is headquartered in Chicago but doesn’t have any Illinois hospitals, said it has tapped the help of cybersecurity specialists and notified law enforcement of the cyberattack. Its facilities are following protocol, which includes taking some electronic health records offline.

Electronic health records are crucial to modern day hospital operations. They allow physicians, nurses and other caretakers to see patient history, scans, medication and other details about treatment plans.

Download Modern Healthcare’s app to stay informed when industry news breaks.

The Catholic health system is still conducting a forensics investigation and reviewing its systems to determine potential impacts.

Despite the cyberattack, CommonSpirit says its patients are still receiving high-quality care.

"Patient care remains our utmost priority and we apologize for any inconvenience this matter has created," the health system said in a statement.

This story first appeared in our sister publication, Crain's Chicago Business.