A major nonprofit health system with 140 hospitals in 21 states, CommonSpirit Health, is reporting an “IT security issue” that has disrupted operations in multiple states.

A company spokesperson would not explain the nature of the apparent cyberattack, such as whether the organization’s IT network was hit by ransomware.

The Des Moines Register said the incident occurred Monday and forced the diversion of ambulances from the emergency department of the city’s Mercy One Medical Center to other medical facilities. The Chattanoogan reported that CHI Memorial Hospital was among the facilities impacted.

In a statement Tuesday, CommonSpirit said it had taken “certain IT systems offline” including electronic health records as a precaution and rescheduled some patient appointments. It would not say whether patient records were accessed. Nor did it say when the apparent breach was detected.

Not a Modern Healthcare subscriber? Sign up today.

The Chicago company, formed in 2019 from the alignment of Catholic Health Initiatives and Dignity Health, serves 20 million Americans with more than 1,000 care sites located coast-to-coast.

Healthcare is classified by the US government as one of 16 critical infrastructure sectors, and healthcare providers are seen as ripe targets for hackers.

If patient data is accessed, healthcare providers are required by law to notify the Department of Health and Human Services.

Download Modern Healthcare’s app to stay informed when industry news breaks.