
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Ann & Robert H. Lurie Children’s Hospital Responding to Cyberattack

On February 1, 2024, Ann & Robert H. Lurie Children’s Hospital in Chicago announced on its website and social media channels that it is responding to a cybersecurity incident and has been forced to take its network systems offline. The cyberattack has been reported to law enforcement agencies and Lurie Children’s is working collaboratively with those agencies and third-party cybersecurity experts to investigate the attack and bring network systems back online as soon as it is safe to do so.

The 360-bed acute care hospital is a leading provider of pediatric care in Illinois and one of the biggest children’s healthcare providers in the Midwest, serving 239,000 children each year. The cyberattack has disrupted normal operations and caused delays to medical care for certain patients, with ultrasound and CT scan results temporarily unavailable. Some appointments and elective procedures have been canceled to ensure patient safety. The hospital has confirmed that its emergency services are unaffected, and it is operating under a first-come, first-served approach and is prioritizing emergency patients.

The system-wide network outage has affected computers, Internet access, email, and phone lines at the main hospital, outpatient centers, and primary care offices. Lurie Children’s Hospital apologized for the inconvenience caused and said it is actively working to resolve the issue as soon as possible and is trying to minimize the disruption to patients as far as possible. Lurie Children’s has been working on establishing an emergency helpline to address patient families’ and community providers’ needs, but it was not possible to provide a timeline for when normal operations will resume.

An update was provided on Monday (Feb 5) but little had changed. Lurie Children’s was still working under emergency procedures with access to IT systems still not restored. “We recognize the frustration of not having clarity on when this will be resolved,” explained Lurie Children’s in an updated web notice. “Our investigation remains ongoing and we are working around the clock to resolve this matter. Please understand this process takes time and know that we have highly experienced, capable, and empathetic teams of both internal and external experts responding to this matter.”


No ransomware group appears to have claimed responsibility at this stage. Naturally, at such an early stage of the incident response, it is not possible to tell if any patient data has been stolen. Lurie Children’s will provide updates as the investigation progresses. Just a few days ago, another Chicago hospital confirmed that it had suffered a cyberattack. Saint Anthony Hospital fell victim to a LockBit ransomware attack in December. The LockBit group recently added the hospital to its data leak site as it sought payment of a $900,000 ransom and gave the hospital just 2 days to make payment to prevent the release of the stolen data.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
