Lurie Children’s Hospital in Chicago faced a devastating cyberattack that compromised the personal information of a staggering 791,000 patients, leading the hospital to take its systems offline to mitigate the damage caused by the breach.
The cybercriminals responsible for this intrusion managed to gain access to the hospital’s systems, causing disruptions to its patient portal, communications, and the ability to access medical records. This breach of security took place between Jan. 26 and 31, 2024, as per the hospital’s ongoing investigation.
In response to the attack, Lurie Children’s Hospital swiftly implemented standard response procedures, including its downtime protocols, to address the situation effectively. Despite the challenges posed by the cyberattack, the hospital has remained operational throughout the investigative process.
The nature and extent of the attack are still being determined, but the hospital revealed that various types of sensitive information were impacted, including names, addresses, dates of birth, driver’s license numbers, medical conditions, Social Security numbers, and more. The specifics of the data compromised may vary from one individual to another.
While the hospital refrained from explicitly stating that the cyberattack involved ransomware, it was clear that no ransom was paid to the perpetrators. Experts advised against engaging with cybercriminals through ransom payments, as there is no guarantee that the stolen data will be deleted or returned upon payment.
The Rhysida ransomware gang claimed responsibility for the breach, showcasing the hospital on its website and boasting about the purported 600GB of data they allegedly obtained and “sold.” In response, Lurie Children’s Hospital has initiated the process of notifying affected individuals and offering two years of Experian Identity Works to help safeguard their personal information.
Additionally, a dedicated call center has been set up to address any queries or concerns regarding the cyberattack and the potential impact on the affected individuals. The hospital is committed to providing support and assistance to ensure that those affected by the breach receive the necessary resources to safeguard their identities and personal information.
As cybersecurity threats continue to evolve and cybercriminals become increasingly sophisticated, it is imperative for organizations, especially those handling sensitive medical information, to enhance their cybersecurity measures and remain vigilant against potential cyber threats. Lurie Children’s Hospital’s experience serves as a stark reminder of the importance of prioritizing cybersecurity and taking proactive steps to protect patients’ data from malicious actors in the digital realm.