Hospital Chain Says ‘IT Security Issue’ Disrupts Operations

A major nonprofit health system with 140 hospitals in 21 states, CommonSpirit Health, is reporting an “IT security issue” that has disrupted operations in multiple states.

A company spokesperson would not explain the nature of the apparent cyberattack, such as whether the organization’s IT network was hit by ransomware.

The Des Moines Register said the incident occurred Monday and forced the diversion of ambulances from the emergency department of the city’s Mercy One Medical Center to other medical facilities. The Chattanoogan reported that CHI Memorial Hospital was among facilities impacted.

In a statement Tuesday, CommonSpirit said it had taken “certain IT systems offline” including electronic health records as a precaution and rescheduled some patient appointments. It would not say whether patient records were accessed. Nor did it say when the apparent breach was detected.

The Chicago company, formed in 2019 from the alignment of Catholic Health Initiatives and Dignity Health, serves 20 million Americans with more than 1,000 care sites located coast-to-coast.

Health care is classified by the U.S. government as one of 16 critical infrastructure sectors, and health care providers are seen as ripe targets for hackers.

If patient data is accessed, health care providers are required by law to notify the Department of Health and Human Services.

Related: Hackers Leak French Hospital Patient Data in Ransom Fight

Related: Wray: FBI Blocked Planned Cyberattack on Children’s Hospital

Related: German Hospital Hacked, Patient Taken to Another City Dies