CHRISTUS Spohn Health System Corporation
Your Personal Info Could Be Exposed Online After This Hospital Breach
Breach Description
The CHRISTUS Spohn Health System Corporation, a faith-based health system headquartered in Irving, Texas, experienced a significant data breach due to an apparent ransomware attack by the AvosLocker group. This incident, which came to light in early July 2022, compromised the protected health information (PHI) of approximately 15,062 individuals. The breach was officially reported to the U.S. Department of Health and Human Services Office for Civil Rights on July 1, 2022, following the detection of unauthorized activity on its network between April 9 and May 4, 2022[1][2][4][12].
The compromised data included sensitive information such as names, Social Security numbers, dates of birth, home addresses, billing information, and insurance details. However, no individual medical records affecting medical care were reported as accessed[2]. CHRISTUS Spohn Health System stated that the incident did not impact patient care or clinical operations[3][8]. In response to the breach, CHRISTUS Spohn took immediate steps to contain the incident and began a thorough review to understand its scope. The health system also engaged cybersecurity professionals to investigate and address the issue[1].
To mitigate the potential impact on affected individuals, CHRISTUS Spohn Health System offered a free year of identity protection security services to those impacted by the breach[2][4]. The health system also encouraged affected individuals to take additional steps to protect their information, such as monitoring account statements and credit reports for signs of fraud or unauthorized activity[10].
AvosLocker, the group claiming responsibility for the attack, is known for its ransomware-as-a-service operations, targeting victims across various sectors, including healthcare. The group has been active since at least July 2021 and is known for its aggressive tactics, including threatening to publish stolen data on the dark web and conducting phone calls to negotiate ransoms[1][3].
This incident underscores the ongoing challenges and threats faced by healthcare organizations from cybercriminals, highlighting the importance of robust cybersecurity measures and rapid response strategies to protect sensitive patient information.
Citations:
1. https://www.jdsupra.com/legalnews/christus-spohn-health-system-2513343/
2. https://www.caller.com/story/news/local/2022/07/12/christus-spohn-is-notifying-patients-of-a-security-breach-texas-corpus-christi/65371802007/
3. https://healthitsecurity.com/news/avoslocker-claims-responsibility-for-christus-health-ransomware-attack
4. https://www.kiiitv.com/article/news/local/patients-receive-letter-informing-of-data-breach/503-219b2bd8-151c-4ba8-9bdd-75b542cd22ad
5. https://casetext.com/case/christus-spohn-health-sys-corp-v-high
6. https://www.kiiitv.com/article/news/local/south-texas-hospital-data-breach-puts-15000-patients-at-risk/503-550bb7c0-6391-4e4b-a4c4-dd8f1eb5571c
7. https://www.justice.gov/civil/file/smart_v._christus_health_et/dl
8. https://www.kristv.com/news/local-news/data-breach-at-christus-detected
9. https://stateofreform.com/news/2022/07/data-breaches-at-texas-hospitals-compromised-millions-of-patients-personal-health-data-over-the-past-year/
10. https://www.turkestrauss.com/2022/07/08/chrisus-spohn-health-system-corporation-data-breach-investigation/
11. https://www.kiiitv.com/video/news/local/patients-receive-letter-informing-of-data-breach-from-christus-spohn-health-system/503-e9ec134e-6834-455c-815f-2ef7a0ae2e11
12. https://www.beckershospitalreview.com/cybersecurity/texas-health-system-data-breach-compromises-info-of-15-000-patients.html