One of the largest hospital chains in the US was hit this week with a suspected ransomware cyberattack, which resulted in delayed surgeries, hold ups in patient care and rescheduled doctor appointments across the country.
CommonSpirit Health, ranked as the fourth-largest health system in the country by Becker s Hospital Review, said Tuesday it had experienced an IT security issue that forced it to take certain systems offline.
A person familiar with its remediation efforts confirmed to the NBC News that it had sustained a ransomware attack, despite CommonSpirit refusing to share specifics.
The CommonSpirit, which has more than 140 hospitals in the U.S., did not give any information on how many of its facilities were experiencing delays. Multiple hospitals, including CHI Memorial Hospital in Tennessee, some St. Luke s hospitals in Texas and Virginia Mason Franciscan Health in Seattle all have announced they are affected.
One Texas woman who spoke to NBC News on the condition of anonymity to protect her family's medical privacy said she and her husband had arrived at a CommonSpirit-affiliated hospital on Wednesday for long-scheduled major surgery, only for his doctor to recommend delaying it until the hospital's technical issues are resolved.
She said the surgeon told me it could potentially delay post-op care, but he didn't want to risk it.
Ransomware attacks on health care chains are relatively common and have been a part of the U.S. medical system for more than two years. Even if an attack doesn't shut a hospital down, it can knock offline, cutting doctors and nurses access to digital information like patient records and recommendations for care.
Brett Callow, an analyst at Emsisoft, said at least 15 health care companies representing 61 hospitals have been hit by ransomware attacks this year.
To date, there is only one documented instance in which an American has publicly claimed that ransomware directly led to a patient's death. An Alabama woman sued her hospital in 2020 after her baby was born with a severe brain injury, and died after her hospital was hit by a ransomware attack and didn't inform her.
A major report by the Federal Cybersecurity and Infrastructure Security Agency and a survey of health care information technology professionals found that a ransomware attack on a hospital increases the stress on its capabilities in general and leads to higher mortality rates there.