What is the CHI Health data breach? A cybersecurity breach that is affecting medical services all throughout the nation has been revealed by CommonSpirit, the second-largest nonprofit hospital network in the U.S.The “IT security issue” is affecting several of CommonSpirit’s facilities, according to a brief statement from Chicago-based CommonSpirit. Some patient appointments have been rescheduled as a result.
CHI Health data breach
The Omaha hospitals owned by CHI Health, a CommonSpirit subsidiary based in Nebraska, experienced interruptions. At the same time, MercyOne Des Moines Medical Center shut down portions of its IT systems, including access to its electronic health information.
“Our facilities are following existing protocols for system outages and taking steps to minimize the disruption. We take our responsibility to ensure the security of our IT systems very seriously. As a result of this issue, we have rescheduled some patient appointments. Patients will be contacted directly by their provider and/or care facility if their appointment is impacted.
CommonSpirit Health has identified an IT security issue that is impacting some of our facilities. We have taken certain systems offline. We are continuing to investigate this issue and follow existing protocols for system outages. We are grateful to our staff and physicians, who are doing everything possible to minimize the impact to our patients. We take our responsibility to our patients very seriously and apologize for any inconvenience.”
CHI Health
CHI Health institutions are minimizing the impact by adhering to current procedures for system failures. The affected locations are Lakeside Hospital, Creighton University Medical Center-Bergan Mercy, and Immanuel Medical Center, all of which are CHI Health hospitals in Omaha.
CommonSpirit, CHI Health’s parent company, has not yet confirmed the nature of the security incident, and it is currently uncertain whether patient information or health data were compromised.
CommonSpirit is the USA’s second-largest nonprofit hospital network. CommonSpirit runs more than 700 care facilities and 142 hospitals throughout 21 states.
Several well-known nonprofit health institutions, like CommonSpirit, reported large losses for the most recent fiscal year. The healthcare system, created in 2019 through the union of Catholic Health Initiatives and Dignity Health, recorded losses of $1.85 billion in 2022.
Is North Korea behind the CHI Health data breach?
In a joint statement released in July, the FBI, the U.S. Treasury, and the U.S. cybersecurity agency CISA warned that ransomware attacks supported by North Korea were being launched against healthcare and public health organizations all around the country.
The warning came after several well-publicized assaults on American healthcare organizations, including Kaiser Permanente, Eskenazi Health, and University Medical Center Southern Nevada. Brett Callow, a threat analyst at Emsisoft, said ransomware had affected at least 15 American health organizations managing 61 hospitals across the nation in 2022. At least 12 of these events included compromising sensitive data, including PHI (personal health information).
Check out the importance of cyber risk assessment
According to experts, this warning and other subsequent cyber attacks strengthen the possibility that North Korea is behind it.
What is CHI Health?
Omaha serves as the regional hospital network’s corporate headquarters for CHI Health (previously Alegent Health). 28 hospitals, two independent behavioral health facilities, and more than 150 employed medical practices across Iowa, Minnesota, Nebraska, and North Dakota make up the merged enterprise.
CHI Health is a division of CommonSpirit Health and is recognized as a non-profit by law.
| Hospital | City | State |
|---|---|---|
| CHI Health Lakeside | Omaha | Nebraska |
| CHI Health Midlands | Papillion | Nebraska |
| Community Memorial Hospital | Missouri Valley | Iowa |
| Creighton University Medical Center – Bergan Mercy (formerly Bergan Mercy Medical Center) | Omaha | Nebraska |
| Good Samaritan Hospital | Kearney | Nebraska |
| Immanuel Medical Center | Omaha | Nebraska |
| Memorial Hospital | Schuyler | Nebraska |
| Mercy Hospital | Corning | Iowa |
| Mercy Hospital | Council Bluffs | Iowa |
| Nebraska Heart Hospital | Lincoln | Nebraska |
| Plainview Hospital | Plainview | Nebraska |
| Saint Elizabeth Regional Medical Center | Lincoln | Nebraska |
| Saint Francis Medical Center | Grand Island | Nebraska |
| Saint Mary’s Community Hospital | Nebraska City | Nebraska |
Latest data breaches
Check out the latest data breaches:
Outcomes of data breaches: Equifax
The credit reporting firm Equifax acknowledged on September 7, 2017, that one of its computer networks had had a data leak that had exposed the personal information of 143 million clients, which eventually rose to 147 million. These records included information about the customers’ names, residences, dates of birth, Social Security numbers, and credit card numbers, all of which may be exploited for fraud and identity theft.
Equifax agreed to establish a fund to provide customers with free credit monitoring, identity theft protection, and cash compensation of up to $20,000 per to people harmed by the event, per the conditions of the deal. Additionally, the company must pay court fees and government fines.
Take a closer look at how data breaches effects companies: Equifax Data breach settlement
