Skip to main content
Sister Publication Links
  • ESG: THE NEW IMPERATIVE
Subscribe
  • Sign Up Free
  • Login
  • Subscribe
  • News
    • Current News
    • COVID-19
    • Providers
    • Insurance
    • Government
    • Finance
    • Technology
    • Safety & Quality
    • Transformation
    • People
    • Regional News
    • Digital Edition (Web Version)
    • Patients
    • Operations
    • Care Delivery
    • Payment
    • Midwest
    • Northeast
    • South
    • West
  • Digital Health
  • Insights
    • ACA 10 Years After
    • Best Practices
    • Special Reports
    • Innovations
  • Opinion
    • Bold Moves
    • Breaking Bias
    • Commentaries
    • Letters
    • Vital Signs Blog
    • From the Editor
  • Events & Awards
    • Awards
    • Conferences
    • Galas
    • Virtual Briefings
    • Webinars
    • Nominate/Eligibility
    • 100 Most Influential People
    • 50 Most Influential Clinical Executives
    • Best Places to Work in Healthcare
    • Excellence in Governance
    • Health Care Hall of Fame
    • Healthcare Marketing Impact Awards
    • Top 25 Emerging Leaders
    • Top 25 Innovators
    • Diversity in Healthcare
      • - Luminaries
      • - Top 25 Diversity Leaders
      • - Leaders to Watch
    • Women in Healthcare
      • - Luminaries
      • - Top 25 Women Leaders
      • - Women to Watch
    • Digital Health Transformation Summit
    • ESG: The Implementation Imperative Summit
    • Leadership Symposium
    • Social Determinants of Health Symposium
    • Women Leaders in Healthcare Conference
    • Best Places to Work Awards Gala
    • Health Care Hall of Fame Gala
    • Top 25 Diversity Leaders Gala
    • Top 25 Women Leaders Gala
    • - Hospital of the Future
    • - Value Based Care
    • - Supply Chain
    • - Hospital at Home
    • - Workplace of the Future
    • - Digital Health
    • - Future of Staffing
    • - Hospital of the Future (Fall)
  • Multimedia
    • Podcast - Beyond the Byline
    • Sponsored Podcast - Healthcare Insider
    • Video Series - The Check Up
    • Sponsored Video Series - One on One
  • Data Center
    • Data Center Home
    • Hospital Financials
    • Staffing & Compensation
    • Quality & Safety
    • Mergers & Acquisitions
    • Data Archive
    • Resource Guide: By the Numbers
    • Surveys
    • Data Points
  • MORE +
    • Contact Us
    • Advertise
    • Media Kit
    • Newsletters
    • Jobs
    • People on the Move
    • Reprints & Licensing
MENU
Breadcrumb
  1. Home
  2. Legal
January 04, 2023 01:30 PM

CommonSpirit Health sued over data breach involving 600,000 patients

Crain's Chicago Business
Katherine Davis
  • Tweet
  • Share
  • Share
  • Email
  • More
    Reprints Print
    GettyImages-1356364268.jpg
    Getty

    Chicago-based Catholic hospital chain CommonSpirit Health has been hit with a proposed class-action lawsuit over its month-long data breach at the end of last year that impacted more than 600,000 patients.

    The lawsuit alleges that CommonSpirit was negligent in protecting patients from the threat of cyberattacks that leak private and sensitive patient health, insurance and financial information, and can put consumers at a heightened risk for identity theft and financial fraud. The complaint argues that CommonSpirit had "inadequate" data security measures to protect and secure patient information. Read the complaint below.

    Not a Modern Healthcare subscriber? Sign up today.

    CommonSpirit operates 140 hospitals and more than 1,000 care sites across 21 states. Though CommonSpirit is headquartered in Chicago, it does not operate any hospitals in Illinois.

    Facilities affected in the cyberattack include those in Iowa, Nebraska, Tennessee and Washington. The suit says there are at least 100 members in the proposed class, though the U.S. Department of Health & Human Services' Office for Civil Rights reports that more than 623,700 people were affected. CommonSpirit serves 20 million patients at its facilities across the country, according to the suit. HHS is now investigating CommonSpirit's breach.

    The suit was filed Dec. 29 in U.S. district court for Northern Illinois by Leeroy Perkins, a Washington resident and patient at CommonSpirit's Virginia Mason Franciscan Health hospital in Seattle. Since the breach, Perkins said he has been required to spend valuable time monitoring his various accounts and changing passwords to protect his information. The suit seeks damages in excess of $5 million and injunctive relief for Perkins and all others similarly situated.

    Attorneys for Perkins and a CommonSpirit representative did not immediately respond to a request for comment.

    CommonSpirit first reported in early October that it was dealing with an IT security issue that was disrupting operations at some of its facilities. About a week later, the health system confirmed it was the victim of a cyberattack and was forced to take patient portals and some electronic health records offline.

    Electronic health records are crucial to modern day hospital operations. They allow physicians, nurses and other caretakers to see patient history, scans, medication and other details about treatment plans.

    The cyberattack wasn't resolved until a month later, when CommonSpirit said it had reinstated most EHRs at its hospitals and care sites. At the time, CommonSpirit said that upon discovering the ransomware attack, the organization mobilized to protect its systems while continuing to give care to patients.

    Download Modern Healthcare’s app to stay informed when industry news breaks.

    Health systems have increasingly become targets for cybercriminals. According to research from Protenus, a Baltimore health care compliance company, there were 905 reported health data breaches in 2021, up 19% from 758 the year before.

    In Chicago, Duly Health & Care, formerly known as DuPage Medical Group, reported a data breach in 2021 that affected more than 600,000 patients. In 2019, Rush disclosed a data breach that exposed 45,000 people.

    More recently, local health systems have also been dealing with patient data breaches after using internet tracking technologies from companies like Google and Facebook parent Meta, which help health systems collect details about how patients and others interact with their websites. Advocate Aurora Health, Northwestern Medicine and Rush System for Health have each been sued over the issue.

    This story first appeared in Crain's Chicago Business.

    Related Articles
    CommonSpirit Health confirms cyberattack that stretches into second week
    CommonSpirit Health attack part of ongoing cybersecurity concerns
    CommonSpirit Health says 'IT security issue' disrupts operations
    Letter
    to the
    Editor

    Send us a letter

    Have an opinion about this story? Click here to submit a Letter to the Editor, and we may publish it in print.

    Recommended for You
    drugs_money
    Drugmakers restrict 340B sales after appellate court ruling
    Screen Shot 2019-12-16 at 12.15.15 PM.png
    Prosecutors outline fraud case against Outcome Health co-founders, former COO
    Most Popular
    1
    More healthcare organizations at risk of credit default, Moody's says
    2
    Centene fills out senior executive team with new president, COO
    3
    SCAN, CareOregon plan to merge into the HealthRight Group
    4
    Blue Cross Blue Shield of Michigan unveils big push that lets physicians take on risk, reap rewards
    5
    Bright Health weighs reverse stock split as delisting looms
    Sponsored Content
    Daily Dose Newsletter: Sign up to receive a late afternoon weekday roundup of that day’s breaking news and developments in healthcare.
    Get Newsletters

    Sign up for enewsletters and alerts to receive breaking news and in-depth coverage of healthcare events and trends, as they happen, right to your inbox.

    Subscribe Today
    MH Magazine Cover

    MH magazine offers content that sheds light on healthcare leaders’ complex choices and touch points—from strategy, governance, leadership development and finance to operations, clinical care, and marketing.

    Subscribe
    Connect with Us
    • LinkedIn
    • Twitter
    • Facebook
    • RSS

    Our Mission

    Modern Healthcare empowers industry leaders to succeed by providing unbiased reporting of the news, insights, analysis and data.

    Contact Us

    (877) 812-1581

    Email us

     

    Resources
    • Contact Us
    • Advertise with Us
    • Ad Choices Ad Choices
    • Sitemap
    Editorial Dept
    • Submission Guidelines
    • Code of Ethics
    • Awards
    • About Us
    Legal
    • Terms and Conditions
    • Privacy Policy
    • Privacy Request
    Modern Healthcare
    Copyright © 1996-2023. Crain Communications, Inc. All Rights Reserved.
    • News
      • Current News
      • COVID-19
      • Providers
      • Insurance
      • Government
      • Finance
      • Technology
      • Safety & Quality
      • Transformation
        • Patients
        • Operations
        • Care Delivery
        • Payment
      • People
      • Regional News
        • Midwest
        • Northeast
        • South
        • West
      • Digital Edition (Web Version)
    • Digital Health
    • Insights
      • ACA 10 Years After
      • Best Practices
      • Special Reports
      • Innovations
    • Opinion
      • Bold Moves
      • Breaking Bias
      • Commentaries
      • Letters
      • Vital Signs Blog
      • From the Editor
    • Events & Awards
      • Awards
        • Nominate/Eligibility
        • 100 Most Influential People
        • 50 Most Influential Clinical Executives
        • Best Places to Work in Healthcare
        • Excellence in Governance
        • Health Care Hall of Fame
        • Healthcare Marketing Impact Awards
        • Top 25 Emerging Leaders
        • Top 25 Innovators
        • Diversity in Healthcare
          • - Luminaries
          • - Top 25 Diversity Leaders
          • - Leaders to Watch
        • Women in Healthcare
          • - Luminaries
          • - Top 25 Women Leaders
          • - Women to Watch
      • Conferences
        • Digital Health Transformation Summit
        • ESG: The Implementation Imperative Summit
        • Leadership Symposium
        • Social Determinants of Health Symposium
        • Women Leaders in Healthcare Conference
      • Galas
        • Best Places to Work Awards Gala
        • Health Care Hall of Fame Gala
        • Top 25 Diversity Leaders Gala
        • Top 25 Women Leaders Gala
      • Virtual Briefings
        • - Hospital of the Future
        • - Value Based Care
        • - Supply Chain
        • - Hospital at Home
        • - Workplace of the Future
        • - Digital Health
        • - Future of Staffing
        • - Hospital of the Future (Fall)
      • Webinars
    • Multimedia
      • Podcast - Beyond the Byline
      • Sponsored Podcast - Healthcare Insider
      • Video Series - The Check Up
      • Sponsored Video Series - One on One
    • Data Center
      • Data Center Home
      • Hospital Financials
      • Staffing & Compensation
      • Quality & Safety
      • Mergers & Acquisitions
      • Data Archive
      • Resource Guide: By the Numbers
      • Surveys
      • Data Points
    • MORE +
      • Contact Us
      • Advertise
      • Media Kit
      • Newsletters
      • Jobs
      • People on the Move
      • Reprints & Licensing