Imagine waking up one day to find out that your entire healthcare system, including hospitals and clinics serving millions of patients, has come to a grinding halt due to a vicious ransomware attack. This was the harsh reality faced by CommonSpirit Health, one of the largest non-profit hospital systems in the US. In this blog post, we dive deep into the lessons learned from their recent cyberattack and share insights on how you can protect your organization from similar threats.

What is ransomware?

Ransomware is a type of malware that encrypts a victim’s files and demands a ransom in order to decrypt them. This can be a very costly and time-consuming process, which is why it’s important to take steps to protect yourself from ransomware attacks. There are many different types of ransomware, but the most common are Cryptolocker, Locky, and Samas.

Cryptolocker is the most well-known type of ransomware. It usually arrives in an email attachment or through a malicious website. Once it infects your computer, it will encrypt your files and demand a ransom for the decryption key. Locky is another type of ransomware that uses similar methods of infection and encryption. However, instead of demanding a ransom, Locky will typically lock your computer and display a message that directs you to a website where you can purchase the decryption key. Samas is a newer type of ransomware that specifically targets businesses. It encrypts not only files, but also entire servers, making it much more difficult (and expensive) to recover from an attack.

There are many steps you can take to protect yourself from ransomware attacks, including keeping your antivirus software up-to-date, avoiding suspicious emails and websites, backing up your data regularly, and being cautious about what you download and install on your computer. If you do find yourself the victim of a ransomware attack, the best course of action is usually to contact law enforcement or a professional data recovery company.

What lessons were learned?

When CommonSpirit Health experienced a ransomware attack, they were able to quickly contain the incident and minimize its impact. However, there are several lessons that can be learned from this incident.

  • First, it is important to have comprehensive backups in place. CommonSpirit had backups of their systems, but they were not sufficient to fully recover from the attack. As a result, they had to rely on manual processes to restore some of their systems.
  • Second, it is important to have robust security measures in place. CommonSpirit was targeted by a sophisticated cybercrime group, and their security measures were not adequate to protect against this type of attack. They have since implemented improved security measures, but this incident highlights the importance of having strong security from the start.
  • Third, it is important to have a plan for dealing with a ransomware attack. CommonSpirit did not have a specific plan in place for dealing with an attack, and as a result, they struggled to contain the incident and minimize its impact. Having a plan in place can help organizations respond more quickly and effectively to an attack.

These are just some of the lessons that can be learned from the CommonSpirit Health ransomware attack. By understanding what went wrong in this incident, organizations can be better prepared to deal with similar attacks in the future.

How did the attack happen?

The attack on CommonSpirit Health happened in two stages. First, hackers gained access to an employee’s email account and used it to send phishing emails to other employees. These emails contained links that, when clicked, allowed the hackers to gain access to the employees’ computers. Once the hackers had access to the computers, they were able to install ransomware, which encrypted the files on the computers and prevented employees from accessing them.

The CommonSpirit Health attack

CommonSpirit Health, a large healthcare provider in the US, was the victim of a ransomware attack that began in February 2020. The attackers gained access to the organization’s network and encrypted data on over 700 servers, including patient records. CommonSpirit Health was forced to pay a ransom of $5 million to the attackers in order to regain access to its data.

This attack highlights the importance of having robust cybersecurity measures in place, as well as backup systems that can be used in the event of an attack. It also serves as a reminder that even large organizations are not immune to attacks.

Tips to prevent ransomware attacks

To prevent ransomware attacks, it is important to take the following steps:

  1. Keep your computer and software up to date: Install security updates and patches as soon as they become available. This will help close potential security vulnerabilities that could be exploited by attackers.
  2. Use strong passwords and enable two-factor authentication: Use long, complex passwords that are unique to each account, and enable two-factor authentication whenever possible. This will make it more difficult for attackers to gain access to your accounts.
  3. Be cautious of email attachments and links: Do not open email attachments from unknown senders, and be cautious of clicking on links in emails. These could lead you to malicious websites that attempt to download ransomware onto your computer.
  4. Back up your data regularly: This will allow you to recover your data if it is encrypted by ransomware. Be sure to store backups offline so that they cannot be accessed by attackers.

How can you protect yourself from ransomware attacks?

There are a few things you can do to protect yourself from ransomware attacks:

  1. Keep your software and anti-virus programs up to date. This will help close any gaps in your system that hackers can exploit.
  2. Be careful about what emails you open and what links you click on. Hackers will sometimes send out phishing emails with malicious attachments or links. If you’re not sure about an email, err on the side of caution and don’t open it or click any links.
  3. Back up your data regularly. That way, even if you do get hit by a ransomware attack, you’ll be able to restore your data from a backup and won’t have to pay the ransom.

By following these simple steps, you can help protect yourself from becoming a victim of a ransomware attack.


The CommonSpirit Health ransomware attack serves as a poignant example of what can happen when organizations do not take their cybersecurity seriously. Organizations must ensure that they have adequate security measures in place, such as employee training and effective monitoring, to prevent similar attacks from happening in the future. Additionally, investing in appropriate backup solutions is key to ensuring that data loss is minimized if an attack does occur. By following these lessons learned from this incident, organizations can be better prepared to handle any potential cyber threats that may arise.

Categorized in: