Chicago-based CommonSpirit said during its Oct. 2 ransomware attack, an unauthorized third party gained access to files containing patients' personal information from one of its affiliates, Seattle-based Virginia Mason Franciscan Health.
CommonSpirit said although its review of the files is still ongoing, it has identified that the information in some of the files related to patients, family members of patients, or caregivers of patients include names, addresses, phone numbers, dates of birth, and a unique ID used only internally by the organization.
At this time, the Chicago-based health system said it does not believe the information within the files has been misused, and it is working on notifying all affected individuals, according to a Dec. 1 update posted by CommonSpirit.
CommonSpirit did not disclose how many patients were affected.
Virginia Mason Franciscan Health includes St. Michael Medical Center in Silverdale, Wash; St. Anne Hospital in Burien, Wash.; St. Anthony Hospital in Gig Harbor, Wash; St. Clare Hospital in Lakewood, Wash.; St. Elizabeth Hospital in Enumclaw, Wash; St. Francis Hospital in Federal Way, Wash; and St. Joseph Medical Center in Tacoma, Wash.
The ransomware attack was responsible for nationwide IT and EHR outages as well as patient care delays at several of CommonSpirit's affiliated hospitals and health systems across the country.