Catholic Heath Initiative Trinity Medical Center
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The breach at Catholic Health Initiative (CHI) Trinity Medical Center in Ohio was part of a larger cybersecurity incident that affected CommonSpirit Health, a large nonprofit health system formed from the merger of Catholic Health Initiatives and Dignity Health. The breach was a ransomware attack that compromised the protected health information of more than 623,700 people across multiple facilities and states[1][3].
The cyberattack, which began between September 16 and October 3, led to IT outages at various CommonSpirit Health facilities, including CHI Health facilities in Nebraska and Seattle-based Virginia Mason Franciscan Health providers, among others. The attack disrupted medical systems, leading to electronic health records (EHR) systems being taken offline and patient appointments being canceled in some cases[1].
CommonSpirit Health reported the incident as a “hacking/IT incident” related to a business associate and confirmed that personal information was leaked during the cybersecurity breach. The leaked information included names, addresses, phone numbers, and dates of birth, but medical record numbers or insurance IDs were not compromised[1].
As of the latest updates, there was no evidence that the leaked information had been misused. CommonSpirit Health began contacting individuals whose personal information was held in the compromised files starting December 1. The organization has been managing the aftermath of the incident, which affected some of its facilities in multiple regions[1].
The U.S. Department of Health and Human Services Office for Civil Rights Breach Portal also listed the breach at Catholic Health Initiative Trinity Medical Center OH, confirming it as a “Hacking/IT Incident” on a network server, affecting 797 individuals[3].
For more detailed information on the affected facilities and the scope of the breach, CommonSpirit Health issued an update confirming that patients from 164 facilities were affected by the ransomware attack[5].
Citations:
- https://www.fiercehealthcare.com/health-tech/commonspirit-health-reported-it-security-incident-affecting-facilities-wash-neb-and
- https://duke.edu
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.hfma.org
- https://www.hipaajournal.com/commonspirit-health-issues-update-confirming-164-facilities-affected-by-ransomware-attack/
- https://www.covenanthealth.com
- https://www.bankinfosecurity.com/commonspirit-patients-data-breached-in-ransomware-attack-a-20650
- https://www.uiw.edu
- https://www.beckershospitalreview.com/cybersecurity/commonspirit-dozens-of-hospitals-across-13-states-affected-by-ransomware-attack.html
- https://theconversation.com/us
- https://www.bankinfosecurity.com/mergers-acquisitions-in-healthcare-security-risks-a-21126
- https://www.allscripts.com
- https://www.hipaajournal.com/hipaa-breaches/
- https://www.liberty.edu
- https://www.scribd.com/document/639745557/Husel-Lawsuit-Trinity-Health
- https://www.insidehighered.com