On April 6, 2023, CommonSpirit Health filed a notice of data breach with the Montana Attorney General after learning about a successful ransomware attack that compromised the confidential information of more than 623,000 people. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, addresses, dates of birth, phone numbers, email addresses and protected health information. After confirming that consumer data was leaked, CommonSpirit began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.

If you received a data breach notification from CommonSpirit Health, it is essential you understand what is at risk and what you can do about it. As we’ve discussed in previous posts covering other healthcare data breaches, hackers have shown an increased interest in targeting healthcare providers due to the wealth of sensitive information they possess. After carrying out a cyberattack, hackers can use the information they stole to commit a wide range of fraud against victims, including identity theft. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the CommonSpirit Health data breach, reach out to an experienced data breach lawyer for assistance.

What We Know So Far About the CommonSpirit Health Breach

News of the CommonSpirit Health data breach is still fresh; however, what we know at this point comes from the company’s filing with the Montana Attorney General, as well as a “Notification of Data Breach” on the CommonSpirit website. According to these sources, on October 2, 2022, CommonSpirit learned that it had been the recent victim of a ransomware attack targeting its IT network. In response, CommonSpirit secured its network and then began working with third-party forensic specialists to investigate the incident.

The CommonSpirit investigation confirmed that an unauthorized party was able to access the company’s IT network between September 16, 2022 and October 3, 2022. The compromised were later determined to contain confidential information belonging to more than 623,000 individuals.

Upon discovering that sensitive consumer data was made available to an unauthorized party, CommonSpirit Health began to review the affected files to determine what information was compromised and which consumers were impacted. CommonSpririt completed this process on February 21, 2023. While the breached information varies depending on the individual, it may include your name, Social Security number, address, date of birth, phone number, email address and protected health information.

On April 6, 2023, CommonSpirit Health sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

More Information About CommonSpirit Health

Founded in 2019, CommonSpirit Health is a nonprofit Catholic health system based in Chicago, Illinois. The company was created by the merger of Dignity Health and Catholic Health Initiatives. CommonSpirit operates 140 hospitals and more than 1,000 other healthcare offices in 21 states across the country. CommonSpirit Health employs more than 150,000 people and generates approximately $34 billion in annual revenue.