DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

CommonSpirit Gets Restraining Order in Missing Patient Info Suit (UPDATED)

Posted on December 28, 2022 by Dissent

Holly Barker reports:

CommonSpirit Health, one of the country’s largest nonprofit health systems, convinced a federal judge in Texas to order a medical technology vendor to return hundreds of thousands of medical records it was sent to archive.

The US District Court for the Northern District of Texas’s order directs Emerge Clinical Solutions LLC to return all protected health information and other data in its possession; verify the destruction of all PHI and other data that can’t be returned; and complete and return the “Certificate of Return or Destruction of Protected Health Information,” in accordance with the parties’ agreement.

Read more at Bloomberg Law (sub. req.)

Looking at the court filings, it appears that CommonSpirit had a business associate agreement with Emerge Clinical Solutions to perform some projects for them. In late September, CommonSpirit found that there were some data extraction errors in Kentucky made by Emerge and sought their correction. According to the court filing:

Plaintiff immediately contacted Defendant to request that Defendant correct the errors. Defendant initially and generally responded to Plaintiff’s concerns on September 28, 2022. This was the last contact between Plaintiff and Defendant, despite Plaintiff’s continued efforts.

Plaintiff has made attempts to reach out to its contacts with Defendant and all such attempts have been unsuccessful. Further, the general phone line listed on Defendant’s website has been disconnected.

Upon information and belief, Defendant stopped paying its employees and contractors in September of 2022.

Emerge allegedly was in possession of files on hundreds of thousands of patients. CommonSpirit sought an injunction from the court, whose order noted that Emerge never responded by the deadline the court had imposed.

It is not clear whether this problem with Emerge had any bearing at all on recovery from the ransomware attack CommonSpirit experienced. DataBreaches has sent an inquiry to CommonSpirit asking them whether this was a totally unrelated situation, but no reply has been received as yet.

Update: CommonSpirit sent the following statement:

CommonSpirit hired Emerge Clinical Solutions to perform certain Information Technology support services. When Emerge failed to respond to our inquiries regarding its safekeeping of certain CommonSpirit data, CommonSpirit sought an injunction for return or destruction of that data.

At this time, we have no reason to believe any data has been subject to any unauthorized access, use or disclosure, and the majority of records entrusted to Emerge have been successfully returned.

This incident is unrelated to the recent cyberattack experienced by CommonSpirit Health.

Related posts:

  • CommonSpirit Health Provides Cyberattack Update and Notification of Data Breach Involving Virginia Mason Franciscan Health in Washington state
  • HCRG Care’s lawyers claimed an injunction issued in a “private” hearing required us to remove two posts. We didn’t comply.
Category: Health DataSubcontractor

Post navigation

← Updating Scripps Health ransomware incident: litigation settlement
Double trouble for JAKKS Pacific: double locked by two ransomware groups →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Ex-student charged with wave of cyber attacks on Sydney uni
  • Detaining Hackers Before the Crime? Tamil Nadu’s Supreme Court Approves Preventive Custody for Cyber Offenders
  • Potential Cyberattack Scrambles Columbia University Computer Systems
  • 222,000 customer records allegedly from Manhattan Parking Group leaked
  • Breaches have consequences (sometimes) (1)
  • Kansas City Man Pleads Guilty for Hacking a Non-Profit
  • British national “IntelBroker” charged with causing $25 million in damages; U.S. seeks his extradition from France
  • France issues press statement about arrest of ShinyHunters members
  • Patients Allege Home Delivery Pharmacy Failed to Timely Notify Them of Data Breach
  • Hackers breach Norwegian dam, open valve at full capacity

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Microsoft’s Departing Privacy Chief Calls for Regulator Outreach
  • Nestle USA Settles Suit Over Job-Application Medical Questions
  • NY Attorney General James Affirms Hospitals Must Provide Access to Emergency Abortion Care
  • How Internet of Things devices affect your privacy – even when they’re not yours
  • Sky Views Personal Data as a Potential Weapon in IPTV Piracy War
  • Florida Used a Nationwide Surveillance Camera Network 250 Times To Aid in Immigration Arrests
  • Federal Court Strikes Down HIPAA Reproductive Health Care Privacy Rule

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.