CommonSpirit’s ‘IT security incident’ is likely a cyber attack, security experts say

Security experts say an “IT security incident” reported this week by CommonSpirit Health, one of the nation’s largest health systems, is likely a cyber attack.

CommonSpirit announced Tuesday that an unspecified security incident is affecting multiple regions and disrupting access to electronic health records. The system said that, as a precaution, some systems have been taken offline due to problems.

When asked if the incident was a ransomware attack, CommonSpirit spokesman Chad Burns told Healthcare Dive on Wednesday via email that the system was unable to provide further details.

Burns did not respond to an emailed request to seek more details about the incident at the time of publication.

Some CommonSpirit facilities in Chattanooga, Tennessee, have moved some systems offline including electronic health records, according to a statement from CHI Memorial, which operates two hospitals in the area. Chattanooga.

CHI Memorial said some patient procedures have been rescheduled due to the incident.

While some details have led some to speculate about the nature of the security incident at Chicago headquarters CommonSpirit Security experts told Healthcare Dive that taking the system offline and disrupting access to electronic health records is seen as a defensive move.

Maybe “an attacker has access or is trying to gain access to their system and they want to do whatever they can to prevent that. So what’s the easiest way to do that? Unplug everything,” Allie said MellenSenior security and risk analyst at Forrester, a research and consulting firm for various industries.

CommonSpirit-run hospitals in Iowa, Washington, Texas and Nebraska have also been affected by security issues after the incident was first reported in Chattanooga.

Some hospitals were forced to switch to paper charts, and others diverted ambulances for a short time.

In Iowa, the Des Moines Registry said ambulances were diverted Monday for a brief period from MercyOne Des Moines Medical Center, a CommonSpirit facility, to other emergency rooms.

In Washington, Kitsap Sun reports the inability to access electronic health records has forced providers to revert to using paper charts.

Rob Hughes, head of security and risk at RSA, said, “If there is a chance someone could gain access to the system, the healthcare organization will fall back to the paper mechanism, or in this case charting on paper. RSA works with healthcare organizations to secure users’ identities and manage access to their IT systems.

“My expectation is that if you are experiencing a security event that it will be related to an attack,” he said. “You would expect with a security event or with a security incident that someone could do something they shouldn’t have or be somewhere they shouldn’t be.”

John Riggi, who advises the American Hospital Association on cybersecurity and risk and declined to comment directly on the incident at CommonSpirit Health, give your input on cyberattacks.

Riggi, a former FBI director, said: “Generally, when we’ve seen disruptive cyberattacks … monitor cyber problems.

Riggi added that defensive measures are like “isolation of an infected patient.”

The worst case scenario is a ransomware attack, where attackers gain access to and encrypt the system, demanding ransom from organizations in exchange for an encryption key.

“It’s a very common type of attack because personal health information is a very expensive thing,” Hughes said.

Hospitals collect a lot of information from patients, from social security numbers to diagnoses and medical addresses, and it’s centralized in one location, Forrester’s Mellen said.

Attackers know hospitals will “feel the pain from these attacks” because they need to be up and running for hours every day, Mellen added.