CommonSpirit Health: how ransomware attacks effect healthcare organizations

Millions of Americans could be impacted by a recent ransomware attack on a significant healthcare organization that manages more than 1,000 hospitals and care centers across 21 states. Oct. 3 saw a cyber-attack against CommonSpirit Health, forcing the healthcare organization to take several computer systems offline as a precautionary measure quickly after becoming aware of the problem. Patients have reported the effects of the cyber-attack on their medical services and treatments, while it is yet unclear whether personal health data was stolen.

140 hospitals and more than 1,000 care locations are run by the Chicago-based organization CommonSpirit spanning 21 states. According to the website for Dignity Health International, a member of the CommonSpirit Health family, CommonSpirit served 20 million patients in 2019.

CommonSpirit verified the incident was ransomware, which is when a cybercriminal organization penetrates a hospital's computer system and encrypts all of its databases, including patient records, making it impossible for anybody to access them. The hackers then typically demand payment in exchange for a decryption key that gives them access to the system once again. Doctors and nurses are effectively treating patients in the dark without access to patient data and other hospital programs, including prescription dispensing systems. Whether patients' sensitive information was taken in the cyberattack is unknown.

After electronic medical records were no longer available as a result of the systems being offline, the ransomware attack had a severe impact on patients. Since the attack, patient care has been described as "awful and unsafe" in online posts by persons claiming to work at CommonSpirit hospitals around the nation. They claim they are treating patients without full access to their digital medical records, and they claim this has resulted in terrible and unsafe patient care.

On Nov. 9, more than a month after the ransomware assault, CommonSpirit issued an update in which it stated that it was still attempting to return its systems up and restore full operation as swiftly and safely as possible. The health system announced that electronic health records are now available throughout its system, including at hospitals and clinics, and that the majority of patients can once again review their medical histories through the patient portal. It also said that it is working to restore the portal's ability to schedule appointments.

Threat actors might target healthcare providers in the United States for two main reasons. One of the main reasons healthcare is such a target is the unique and intricate nature of such environments. Large volumes of personal information, payment information, and medical research may be stored by healthcare providers. They may also operate corporate networks as well as healthcare-specific devices, some of which may be connected to individuals, as well as various physical places, if not entire campuses. Complexity is the enemy of security, making it difficult to even have a general understanding of the assets and their risk profile, and that's even taking into account the data that the organization holds.

The unpleasant reality is that threat actors will continue to target the healthcare sector heavily, thus healthcare organizations must take all necessary precautions to protect their networks.

Michael Markulec

technology executive, cyber-security guru, politician, rugby player, deadhead, brewer, former army officer, crossfitter, and hard-drinking calypso poet.