Patients of Chicago-based CommonSpirit Health had their data compromised in the massive MOVEit hack that stole private information from millions of people across the globe.
The affected patients received care at the former Centennial, Colo.-based Centura Health, which now operates under the CommonSpirit name, and were exposed via the use of Nuance Communications, a Microsoft subsidiary that listens to and documents medical appointments, according to a Sept. 13 notice from CommonSpirit. Nuance employed the MOVEit file transfer software from Progress Software that was hacked in late May.
The breached data may include patient and facility names, dates and types of service performed, and medical record numbers. The health system is mailing letters to affected patients.
The worldwide hack has affected a variety of industries and at least 60 million people. Other health systems that had patient information exposed in the breach include Baltimore-based Johns Hopkins Medicine, Dallas-based UT Southwestern Medical Center, and Louisville, Ky.-based UofLHealth. Clop, a ransomware gang with ties to Russia, has claimed responsibility for the data theft.