This sound is generated automatically. Please let us know if you have feedback.
Security experts say an “IT security incident” reported this week by CommonSpirit Health, one of the nation’s largest health systems, is likely a cyber attack.
CommonSpirit announced Tuesday that an unspecified security incident is affecting multiple regions and disrupting access to electronic health records. The system said that, as a precaution, some systems have been taken offline due to problems.
When asked if the incident was a ransomware attack, CommonSpirit spokesman Chad Burns told Healthcare Dive on Wednesday via email that the system was unable to provide further details.
Burns did not respond to an emailed request to seek more details about the incident at the time of publication.
Some CommonSpirit facilities in Chattanooga, Tennessee, have moved some systems offline including electronic health records, according to a statement from CHI Memorial, which operates two hospitals in the area. Chattanooga.
CHI Memorial said some patient procedures have been rescheduled due to the incident.
While some details have led some to speculate about the nature of the security incident at Chicago headquarters CommonSpirit Security experts told Healthcare Dive that taking the system offline and disrupting access to electronic health records is seen as a defensive move.
Maybe “an attacker has access or is trying to gain access to their system and they want to do whatever they can to prevent that. So what’s the easiest way to do that? Unplug everything,” Allie said MellenSenior security and risk analyst at Forrester, a research and consulting firm for various industries.
CommonSpirit-run hospitals in Iowa, Washington, Texas and Nebraska have also been affected by security issues after the incident was first reported in Chattanooga.
Some hospitals were forced to switch to paper charts, and others diverted ambulances for a short time.
In Iowa, the Des Moines Registry said ambulances were diverted Monday for a brief period from MercyOne Des Moines Medical Center, a CommonSpirit facility, to other emergency rooms.
In Washington, Kitsap Sun reports the inability to access electronic health records has forced providers to revert to using paper charts.
Rob Hughes, head of security and risk at RSA, said, “If there is a chance someone could gain access to the system, the healthcare organization will fall back to the paper mechanism, or in this case charting on paper. RSA works with healthcare organizations to secure users’ identities and manage access to their IT systems.
“My expectation is that if you are experiencing a security event that it will be related to an attack,” he said. “You would expect with a security event or with a security incident that someone could do something they shouldn’t have or be somewhere they shouldn’t be.”
John Riggi, who advises the American Hospital Association on cybersecurity and risk and declined to comment directly on the incident at CommonSpirit Health, give your input on cyberattacks.
Riggi, a former FBI director, said: “Generally, when we’ve seen disruptive cyberattacks … monitor cyber problems.
Riggi added that defensive measures are like “isolation of an infected patient.”
The worst case scenario is a ransomware attack, where attackers gain access to and encrypt the system, demanding ransom from organizations in exchange for an encryption key.
“It’s a very common type of attack because personal health information is a very expensive thing,” Hughes said.
Hospitals collect a lot of information from patients, from social security numbers to diagnoses and medical addresses, and it’s centralized in one location, Forrester’s Mellen said.
Attackers know hospitals will “feel the pain from these attacks” because they need to be up and running for hours every day, Mellen added.
Attackers in 2021 disrupted Scripps Health operations for several weeks and stole patient information from about 150,000 patients, according to Fierce Healthcare. According to S&P Global Ratings, the ransomware attack cost Scripps Health $113 million in revenue and higher costs.
CommonSpirit operates about 2,200 healthcare sites including 142 hospitals in 21 states, according to the organization’s latest annual report. More than 28 million outpatient visits have been performed at CommonSpirit Medical facilities in fiscal year 2022.
According to Brett Callow, a threat analyst at security firm Emsisoft, security incidents are “a huge deal” because CommonSpirit has multiple locations.
Callow said a ransomware attack is the most likely explanation for such an outage.
The FBI did not respond to repeated requests for comment. HHS would not comment on whether CommonSpirit notified the agency of the violation.