On October 4th, 2022 a cybersecurity incident has disrupted CommonSpirit Hospitals. With more than 150,000 employees, 20,000 physicians, and serving 21 million patients, CommonSpirit Hospitals is the second-largest nonprofit hospital system in the nation. In 21 states, CommonSpirit operates more than 1,000 care sites and 140 hospitals.

CommonSpirit Hospitals announced it is investigating an “IT security issue.” While the full extent of the attack is unknown, it has already caused significant disruptions for patients and staff at CommonSpirit Hospitals.

Some of MercyOne Des Moines Medical Center’s IT systems, including access to electronic health records, have been shut down. In addition, CHI Health, a subsidiary of CommonSpirit based in Nebraska, reported outages across its Omaha hospitals.

Although it is not entirely clear how the incident occurred or what kind of information was compromised, it does illustrate the vulnerability of the U.S. healthcare system to cyberattacks.

The healthcare system in the United States has been the target of numerous high-profile attacks, including University Medical Center Southern Nevada, Eskenazi Health, and Kaiser Permanente. In 2022, at least 15 U.S. health systems were affected by ransomware, and 12 of those incidents involved compromising personal health information.

Cybersecurity attacks on healthcare facilities can seriously affect patients, staff, and the hospital’s operations. These incidents can lead to the loss of essential data, disruptions in care, and financial damages.

Healthcare organizations can prevent cyberattacks by adopting strong security policies, investing in robust security technologies, and training employees to identify and respond to threats. As a result of these measures, healthcare organizations can reduce the harmful effects of cyberattacks on patients, staff, and facilities.