CALL 916-777-7777
Youtube Facebook-f X-twitter Linkedin-in

CommonSpirit Health Data Breach

Posted on behalf of Arnold Law Firm in
NOTICE: If you are a Washington State resident and you received a NOTICE OF DATA BREACH letter from CommonSpirit Health, contact the Arnold Law Firm at 916-777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.
CommonSpirit Data Breach On or about April 6, 2023, CommonSpirit Health (“CommonSpirit”) sent a Notice of Data Breach Letter (“Breach Letter”) to individuals, including customers and potential employees, former employees, and their dependents. The Breach Letter informed victims that their personally identifiable information (“PII”) was exposed when there was a “ransomware attack on [CommonSpirit’s] IT network.” (the “Data Breach”) According to the Breach Letter, CommonSpirit discovered the Data Breach on October 2, 2022 and determined that, between September 16, 2022 and October 3, 2022,  hackers had gained access to their network without authorization. CommonSpirit has revealed that the PII available to the hackers during this breach consists of, including, but not limited to: name, address, date of birth, phone number(s), email address, as well as medical information such as dates of service, medical record number, healthcare provider’s name, diagnosis/treatment information, medical billing/claims information, patient’s facility associated account/encounter number, and health insurance information.  For some individuals, their Social Security number was also accessed. CommonSpirit discovered the Data Breach in early October 2022, but waited until April 6th, 2023 to send Breach Letters to victims. CommonSpirit Health is a “leading provider of Medicaid services” and is based in Chicago, Illinois. It has a network of over 140 hospitals and 1,000 care sites across 21 different states, including Washington. It has over 150,000 employees and in 2022 had over $33.9 billion in revenue. The data of over 623,774 individuals was compromised by this data breach. If you received a Breach Letter from CommonSpirit or any of its related entities, you were impacted by the data breach.

WHAT INFORMATION IS INVOLVED?

According to CommonSpirit, the following information was exposed:
  • Names
  • Social Security numbers
  • Dates of birth
  • Mailing addresses
  • Phone numbers
  • Email addresses
  • Medical Information, including:
    • Dates of service
    • Medical record number
    • Healthcare provider’s name
    • Diagnosis/treatment information
    • Medical billing/claim information
    • Patient’s facility associated account/encounter number
    • Health insurance information
This information is called your Personally Identifiable Information (“PII”). It tells others about you and is considered part of your identity. Businesses are required to secure this information or risk facing statutory penalties, among other legal penalties. Stolen PII can be used by identity thieves to engage in fraudulent activity using your identity. The best way to protect yourself after a data breach is to sign up for credit and identity protection services as soon as possible.

NOTICE: If you are a Washington State resident and you received a NOTICE OF DATA BREACH letter from CommonSpirit Health, contact the Arnold Law Firm at 916-777-7777 to discuss your legal options, or submit a confidential Case Evaluation form here.

Settlement - $3,767,000

Truck Accident

A 20-year-old man who had been married for just 12 days left home on his way to work. He was driving on Pleasant Grove Road in Sutter County in the early morning when he came upon a slow-moving truck. As he pulled out to pass the truck, the truck driver turned left in front of him. The young man attempted to steer back into his lane but his vehicle struck an un-flagged piece of metal extending from the back of the truck. He died in the resulting crash.

Expert witnesses brought in by the Arnold Law Firm proved that the truck, owned and operated by a hauling firm, should never have been on the highway that morning. Specifically, the rear and side turn signals did not work and the rear-view mirror was in a poor state of adjustment at the time of the collision. As a result, the driver, who had failed to properly inspect the vehicle before setting out that morning, couldn’t see the young man’s vehicle as it attempted to pass.

The poor condition of the truck, its lack of maintenance and the manner in which it was operated were found to be substantial factors in causing the collision that killed the young man. The testimony also established that the man had been making a lawful pass at the lawful speed limit and acted reasonably when he attempted to avoid the collision.

The man’s 20-year-old widow was awarded $3,767,000.77, his parents were awarded $185,131 and the family was reimbursed $11,899 in funeral expenses. Though money is a poor substitute for a young man’s life, this verdict demonstrates that drivers who endanger the lives of others will be held accountable for their actions.