CommonSpirit Health, the second-largest nonprofit United States hospital chain is dealing with an unprecedented ransomware cyberattack. Last week, CommonSpirit Health announced it had experienced “an IT security issue” that forced it to take certain IT systems offline. While CommonSpirit Health declined to provide full details, a source disclosed to NBC News that it had suffered a massive ransomware attack.
By Wednesday, October 5th, news of the attack began receiving widespread national attention. CommonSpirit Health provided sparse details initially. Strangely, they issued a revised statement mid-week that removed specific details about the attack.
While some ransomware gangs announced bans on any ransomware attacks on hospitals throughout COVID-19, that appears to be waning. It also doesn’t stop “ransomware-as-a-service” groups from selling their malware to affiliate groups who then do not share such “ethics” in targeted attacks.
CommonSpirit Health has over 140 hospitals and more than 1,000 care sites in 21 sites. At this time, ransomware attacks have independently been verified at facilities located in Iowa, Nebraska, Tennessee and Washington, according to the Washington Post.
The stakes for any sort of hospital cyberattack are significant. Taking any form of hospital equipment offline can disrupt patient care, delay critical surgeries, or even cost patient lives.
According to NBC News, only one such ransomware attack on an American hospital led to a patient death. An Alabama woman sued her hospital in 2020 after her baby was born with severe brain injury and died after the hospital was hit with a ransomware attack. The hospital failed to properly inform the mother.
Ransomware affects every industry vertical and government, as we’ve been reporting across the globe.
