Patient sues CommonSpirit over ransomware attack

A CommonSpirit patient filed a lawsuit against the health system after it suffered a ransomware attack last year that compromised the private health information of more than 623,000 people.

Leeroy Perkins, a Washington state resident, filed suit in federal court in Illinois last week alleging the Chicago-based system failed to implement basic data security measures to protect patient health information.

Perkins’ lawsuit claims he and others are at risk of identity theft and alleges his personal health information is now in the hands of cybercriminals, according to the lawsuit that is seeking class action status. Perkins, who is being represented by the law firm Lynch Carpenter, was a patient at Virginia Mason Franciscan Health, part of CommonSpirit Health.

CommonSpirit is one of the largest hospital operators in the country with more than 142 hospitals and 2,200 care sites across 21 states. The health system declined to comment on the lawsuit. 

On Dec. 1, CommonSpirit reported the ransomware attack to regulators after it first announced an “IT security incident” in October.

CommonSpirit later confirmed it was hit by a ransomware attack that interrupted access to electronic health records and delayed patient care in multiple regions.

CommonSpirit said it notified law enforcement of the attack and brought in leading cybersecurity experts to assess the impact.