Catholic Heath Initiative Trinity Medical Center

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at Catholic Health Initiative (CHI) Trinity Medical Center in Ohio was part of a larger cybersecurity incident that affected CommonSpirit Health, a large nonprofit health system formed from the merger of Catholic Health Initiatives and Dignity Health. The breach was a ransomware attack that compromised the protected health information of more than 623,700 people across multiple facilities and states[1][3].

The cyberattack, which began between September 16 and October 3, led to IT outages at various CommonSpirit Health facilities, including CHI Health facilities in Nebraska and Seattle-based Virginia Mason Franciscan Health providers, among others. The attack disrupted medical systems, leading to electronic health records (EHR) systems being taken offline and patient appointments being canceled in some cases[1].

CommonSpirit Health reported the incident as a “hacking/IT incident” related to a business associate and confirmed that personal information was leaked during the cybersecurity breach. The leaked information included names, addresses, phone numbers, and dates of birth, but medical record numbers or insurance IDs were not compromised[1].

As of the latest updates, there was no evidence that the leaked information had been misused. CommonSpirit Health began contacting individuals whose personal information was held in the compromised files starting December 1. The organization has been managing the aftermath of the incident, which affected some of its facilities in multiple regions[1].

The U.S. Department of Health and Human Services Office for Civil Rights Breach Portal also listed the breach at Catholic Health Initiative Trinity Medical Center OH, confirming it as a “Hacking/IT Incident” on a network server, affecting 797 individuals[3].

For more detailed information on the affected facilities and the scope of the breach, CommonSpirit Health issued an update confirming that patients from 164 facilities were affected by the ransomware attack[5].

Citations:

  1. https://www.fiercehealthcare.com/health-tech/commonspirit-health-reported-it-security-incident-affecting-facilities-wash-neb-and
  2. https://duke.edu
  3. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  4. https://www.hfma.org
  5. https://www.hipaajournal.com/commonspirit-health-issues-update-confirming-164-facilities-affected-by-ransomware-attack/
  6. https://www.covenanthealth.com
  7. https://www.bankinfosecurity.com/commonspirit-patients-data-breached-in-ransomware-attack-a-20650
  8. https://www.uiw.edu
  9. https://www.beckershospitalreview.com/cybersecurity/commonspirit-dozens-of-hospitals-across-13-states-affected-by-ransomware-attack.html
  10. https://theconversation.com/us
  11. https://www.bankinfosecurity.com/mergers-acquisitions-in-healthcare-security-risks-a-21126
  12. https://www.allscripts.com
  13. https://www.hipaajournal.com/hipaa-breaches/
  14. https://www.liberty.edu
  15. https://www.scribd.com/document/639745557/Husel-Lawsuit-Trinity-Health
  16. https://www.insidehighered.com
Breach Submission Date Jan 08, 2024
Converted Entity Name Catholic Heath Initiative Trinity Medical Center
Converted Entity Type Healthcare Provider
State OH
Individuals Affected 797
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes