Commonspirit Health, the largest Catholic healthcare system and second largest non-profit hospital network in the United States, has revealed that the Mount Program cyberattack in October 2022 cost the company $160 million. The attack impacted more than 100 Commonspirit objects in the US and resulted in personal data of over 623,700 patients being disclosed.
Investigations into the cyberattack showed that the attackers gained unauthorized access to the Commonspirit network on September 16, 2022, which was only detected on October 3. The identity of the cyber attackers remains unknown.
Commonspirit initially estimated that the attack cost $150 million, but the company updated its estimate to $160 million on May 25, 2023. The costs include the suspension of work, recovery costs, and other expenses related to business.
Commonspirit Health has been hit with two class action lawsuits related to the Mount Program attack. Both lawsuits allege that the company was negligent and failed to take adequate cybersecurity measures, resulting in the disclosure of confidential information.
Despite the significant financial losses and legal challenges faced by Commonspirit Health, the organization remains committed to providing high-quality healthcare services to its patients.