Skip to main content
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Digital Health
    • Transformation
    • ESG
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Blogs
    • AI
    • Deals
    • Layoff Tracker
    • HIMSS 2023
  • Opinion
    • Breaking Bias
    • Commentaries
    • Letters
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • 40 Under 40
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Hospital at Home
    • - Workplace of the Future
    • - AI and Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Sponsored Video Series - One on One
    • Sponsored Video Series - Checking In with Dan Peres
  • Data & Insights
    • Data & Insights Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • Newsletters
  • MORE+
    • Contact Us
    • Advertise
    • Media Kit
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Legal
January 04, 2023 12:30 PM

CommonSpirit Health sued over data breach involving 600,000 patients

Crain's Chicago Business
Katherine Davis
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    GettyImages-1356364268.jpg
    Getty

    Chicago-based Catholic hospital chain CommonSpirit Health has been hit with a proposed class-action lawsuit over its month-long data breach at the end of last year that impacted more than 600,000 patients.

    The lawsuit alleges that CommonSpirit was negligent in protecting patients from the threat of cyberattacks that leak private and sensitive patient health, insurance and financial information, and can put consumers at a heightened risk for identity theft and financial fraud. The complaint argues that CommonSpirit had "inadequate" data security measures to protect and secure patient information. Read the complaint below.

    Not a Modern Healthcare subscriber? Sign up today.

    CommonSpirit operates 140 hospitals and more than 1,000 care sites across 21 states. Though CommonSpirit is headquartered in Chicago, it does not operate any hospitals in Illinois.

    Facilities affected in the cyberattack include those in Iowa, Nebraska, Tennessee and Washington. The suit says there are at least 100 members in the proposed class, though the U.S. Department of Health & Human Services' Office for Civil Rights reports that more than 623,700 people were affected. CommonSpirit serves 20 million patients at its facilities across the country, according to the suit. HHS is now investigating CommonSpirit's breach.

    The suit was filed Dec. 29 in U.S. district court for Northern Illinois by Leeroy Perkins, a Washington resident and patient at CommonSpirit's Virginia Mason Franciscan Health hospital in Seattle. Since the breach, Perkins said he has been required to spend valuable time monitoring his various accounts and changing passwords to protect his information. The suit seeks damages in excess of $5 million and injunctive relief for Perkins and all others similarly situated.

    Attorneys for Perkins and a CommonSpirit representative did not immediately respond to a request for comment.

    CommonSpirit first reported in early October that it was dealing with an IT security issue that was disrupting operations at some of its facilities. About a week later, the health system confirmed it was the victim of a cyberattack and was forced to take patient portals and some electronic health records offline.

    Electronic health records are crucial to modern day hospital operations. They allow physicians, nurses and other caretakers to see patient history, scans, medication and other details about treatment plans.

    The cyberattack wasn't resolved until a month later, when CommonSpirit said it had reinstated most EHRs at its hospitals and care sites. At the time, CommonSpirit said that upon discovering the ransomware attack, the organization mobilized to protect its systems while continuing to give care to patients.

    Download Modern Healthcare’s app to stay informed when industry news breaks.

    Health systems have increasingly become targets for cybercriminals. According to research from Protenus, a Baltimore health care compliance company, there were 905 reported health data breaches in 2021, up 19% from 758 the year before.

    In Chicago, Duly Health & Care, formerly known as DuPage Medical Group, reported a data breach in 2021 that affected more than 600,000 patients. In 2019, Rush disclosed a data breach that exposed 45,000 people.

    More recently, local health systems have also been dealing with patient data breaches after using internet tracking technologies from companies like Google and Facebook parent Meta, which help health systems collect details about how patients and others interact with their websites. Advocate Aurora Health, Northwestern Medicine and Rush System for Health have each been sued over the issue.

    This story first appeared in Crain's Chicago Business.

    Related Articles
    CommonSpirit Health confirms cyberattack that stretches into second week
    CommonSpirit Health attack part of ongoing cybersecurity concerns
    CommonSpirit Health says 'IT security issue' disrupts operations
    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    cigna-headquarters-AP_954324192665-web_i_i.jpg
    Cigna agrees to $172M Medicare fraud settlement
    legal money settlement.png
    Lab testing scheme results in $372 million judgment
    Most Popular
    1
    Centene to lay off 2,000 workers
    2
    How health systems are battling price-gouging allegations
    3
    Senate advances bill to temporarily aid hospitals, health centers
    4
    Elevance, Blue Cross Louisiana halt $2.5B proposed deal
    5
    Tower Health to sell urgent care centers, close others
    Sponsored Content
    Daily Dose Newsletter: Sign up to receive a late afternoon weekday roundup of that day’s breaking news and developments in healthcare.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Help Center
    • Advertise with Us
    • Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Digital Health
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • ESG
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Blogs
      • AI
      • Deals
      • Layoff Tracker
      • HIMSS 2023
    • Opinion
      • Breaking Bias
      • Commentaries
      • Letters
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • 40 Under 40
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Hospital at Home
        • - Workplace of the Future
        • - AI and Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Sponsored Video Series - One on One
      • Sponsored Video Series - Checking In with Dan Peres
    • Data & Insights
      • Data & Insights Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • Newsletters
    • MORE+
      • Contact Us
      • Advertise
      • Media Kit
      • Jobs
      • People on the Move
      • Reprints & Licensing