CommonSpirit Health, a nationwide Catholic hospital chain, revealed additional details around the impact of a data breach late last year that affected more than 600,000 patients and cost the system at least $150 million.
The health system disclosed a list of more than 100 facilities across at least 13 states that were impacted in a ransomware attack CommonSpirit detected in October. The health system also said that about 50 more home care services locations were also included in the breach, Crain’s Chicago Business reports.
CommonSpirit and media reports disclosed some facilities and states affected at the time of the breach, but the full extent was unknown until now. Crain’s previously reported that facilities in Iowa, Nebraska, Tennessee and Washington were among those affected. But according to CommonSpirit’s disclosure, facilities and services in Arkansas, Georgia, Indiana, Kansas, Kentucky, Minnesota, New Jersey, North Dakota, Ohio, Oregon, Pennsylvania and Texas were also included.
Although CommonSpirit is headquartered in Chicago, it doesn’t have any hospitals in Illinois. The health system is the parent organization of Catholic Health Initiatives, Dignity Health, and is or has been associated with Centura Health and MercyOne, facilities of which were among those in the breach. Altogether, CommonSpirit operates about 140 hospitals and 1,000 sites of care across more than 20 states. Read more.