CommonSpirit Health Hacked in October 2022: How to Protect Your Organization from a Ransomware Attack

Published Nov 14, 2022

On October 3rd, 2022, Chicago-based CommonSpirit Health was hacked with a ransomware attack impacting more than 1,000 care sites and 140 hospitals in 21 states. This article will discuss what happened, and how you can protect your organization from a ransomware attack in the future.

CommonSpirit Health held ransom

“Upon discovering the ransomware attack, the CommonSpirit organization quickly mobilized to protect our systems, contain the incident, begin an investigation, and maintain continuity of care.” It appears that CommonSpirit Health, the nation’s second-largest nonprofit hospital network, will not pay the ransom and has experienced operational impacts to hospitals.

The entry point for the ransomware attack has not been disclosed, nor has any determination of whether patient information was breached.

What is a ransomware attack?

A ransomware attack combines encryption software with the hackers who operate it. The software encrypts your data, preventing you from accessing it unless a hacker provides a decryption key, which you most often have to pay for. The software can be installed in many different ways once your environment has been compromised.

An additional element of ransomware attacks, which has become the norm since 2021, is exporting your data to cloud storage during the attack and then demanding payment both for a decryption key and for not publicly selling or disclosing your data.

How to Protect Your Organization from a Ransomware Attack

There is no simple answer here. Ransomware attacks happen after you have already been compromised in any number of ways. Frequently the entry point is human error and/or the lack of multi-factor authentication (MFA). Almost as frequently, it is unpatched security weaknesses that hackers exploit.

Our best recommendation is to follow the Center for Internet Security (CIS) 18 Critical Security Controls from top to bottom. CIS regularly updates the critical controls based on findings of why compromises occur most frequently, and the controls address 98% of risk. Additionally, ensure that you have adequate cyberattack insurance, as no one can be 100% protected.

Though the CommonSpirit Health hack is unfortunate, having such a public company be visibly hacked serves as a lesson that the rest of us can apply to avoid being hacked ourselves.
