Company Commonspirit Health confirmed that the attackers gained access to the personal data of 623 774 patients during the October extortion attack. So the figure was published on the portal of the US Department of Health, where medical organizations under the law are required to report on leaks of data affecting more than 500 people.
Commonspirit Health is the second largest network of non-profit hospitals in the United States, it includes 140 hospitals and more than 1000 medical institutions in 21 states, which is why any malfunctions can have catastrophic consequences.
On December 1, the latest results of the internal investigation of the incident were published. Representatives of the company recognized that hackers gained access to certain files with information about patients. In the hands of the attackers were:
complete names;
addresses,
phone numbers;
date of birth;
Unique patient identifiers.
The company clarified that the attackers did not gain access to insurance identifiers and numbers of medical cards.
Commonspirit Health has already contacted the victims and told them that the data leak occurred from September 16 to October 3, 2022. So far, the company does not disclose information about the group that carried out the attack and not a single gang of attackers is in a hurry to take responsibility for the deed.