CommonSpirit Health Data Breach Investigation

Turke & Strauss LLP, a leading data breach law firm, is investigating CommonSpirit Health, regarding its recent data breach. The CommonSpirit Health data breach involved sensitive personal identifiable information belonging to an undetermined number of individuals.


CommonSpirit Health is one of the largest nonprofit health systems in the United States. Founded in 2019 through the merger of Dignity Health and Catholic Health Initiatives, CommonSpirit Health operates clinics, hospitals, and care centers across the United States. CommonSpirit Health’s regional networks offer services that range from behavioral health assistance to cancer treatment and primary care. Furthermore, CommonSpirit Health serves a wide geographic area, prioritizing healthcare access to a variety of communities, including those that have traditionally been underserved. Headquartered in Chicago, Illinois, CommonSpirit Health operates over 1,000 care sites and 140 hospitals across 21 states.


Recently, CommonSpirit Health and its regional health systems and hospitals, including CHI Health, Virginia Mason Franciscan Health, MercyOne Des Moines Medical Center, and Bergan Mercy Hospital, experienced a data breach in which the sensitive personal identifiable information in its systems may have been accessed. Though much information is still unknown, CommonSpirit Health and its health networks and hospitals recently took their systems offline.

If you are a current or former patient of CommonSpirit Health, CHI Health, Virginia Mason Franciscan Health, MercyOne Des Moines Medical Center, or Bergan Mercy Hospital:

We would like to speak with you about your rights and potential legal remedies in response to this data breach. Please fill out the form, below, or contact us at (608) 237-1775 or

If you were impacted by the CommonSpirit data breach, you may consider taking the following steps to protect your personal information.


  1. Change passwords and security questions for online accounts;
  2. Regularly review account statements for signs of fraud or unauthorized activity;
  3. Monitor credit reports for signs of identity theft; and
  4. Contact a credit bureau(s) to request a temporary fraud alert.

Share This Post: