CommonSpirit disclosed that a recent ransomware attack against its medical network resulted in a widespread breach of protected health information.

CommonSpirit Health has told regulators that the protected health information of more than 623,700 people was comprised in a ransomware attack first announced in October.

The health system reported the breach on Dec. 1 to the HHS, according to an online breach portal. The breach is now under investigation by HHS Office for Civil Rights.

Providers are required to notify the HHS when breaches occur. If a breach affects more than 500 people, providers are required to tell the department within 60 days following the incident.

Read the full article at Healthcare Dive.