More than 620,000 patients of Chicago-based CommonSpirit Health had their data breached in the recent ransomware attack on the nation's second-largest nonprofit health system, according to a report to the HHS Office of Civil Rights.
That cyberattack led to widespread IT outages and appointment disruptions across the health system's nationwide network of hospitals beginning in early October.
On Dec. 1, CommonSpirit said that files of patients at one of its subsidiaries, Seattle-based Virginia Mason Franciscan Health, had been accessed between Sept. 16 and Oct. 3, but didn't say how many individuals were affected. That number is 623,774, according to the health system's notification to HHS posted Dec. 8.
The accessed data may have included names, addresses, dates of birth, phone numbers, and unique internal IDs used only by CommonSpirit. The health system said it has no evidence that any of the information has been misused and has begun notifying affected individuals.