Lurie Children’s Hospital Restores EHR System a Month After Ransomware Attack
It has been just over a month since Ann & Robert H. Lurie Children’s Hospital in Chicago experienced a ransomware attack that forced it to take down its phone, email, and medical record systems. Lurie Children’s Hospital, which treats more than 220,000 patients a year, detected a breach of its systems on January 31, 2024, and has confirmed that “a known threat actor” gained access to its systems but did not state whether ransomware was used and has yet to confirm the extent of the data breach.
The known threat actor is the Rhysida ransomware group, which is a relatively new ransomware-as-a-service operation that has been active since May 2023. The group mostly targets organizations in education, government, and manufacturing; however, several attacks have been conducted on healthcare organizations including Singing River Health System and Prospect Medical Holdings. The group is not a major player in the ransomware market but is a well-established group that conducted at least 74 attacks in 2023 – around 2% of all ransomware attacks globally, and last year was behind 4% of attacks on the healthcare sector.
Rhysida engages in double extortion tactics, where sensitive data is copied from the victim’s network before file encryption and payments are required to obtain the keys to decrypt data and prevent the release or sale of the stolen data. In late February, the group said on its data leak site that 600 GB of data was stolen from Lurie Children’s Hospital and would be offered for sale this week and could be bought exclusively for 60 bitcoin – around $3.4 million. It would appear that Lurie Children’s Hospital refused to pay the ransom as Rhysida claimed it sold the data this week. Lurie Children’s Hospital has confirmed that it is aware of the group’s claims but has not shared any details about the nature of the attack and said it is continuing to investigate and is working closely with law enforcement and security experts.
“As an academic medical center, our systems are highly complex and, as a result, the restoration process takes time,” said a spokesperson for the hospital. “Working closely with our internal and external experts, we are following a careful process as we work towards full restoration of our systems, which includes verifying and testing each system before we bring them back online.” Lurie Children’s Hospital said it has teams working round the clock to restore its systems and this week its electronic medical record system was restored along with other key systems; however, the MyChart patient portal remains offline. Patients use the MyChart portal to view their health data, make appointments, contact doctors, request prescription refills, receive cost estimates for services, and pay their bills.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
“We recognize the concern and inconvenience this system outage may cause our patient-families and community providers, and are working diligently to resolve this matter as quickly and effectively as possible,” explained the hospital in a notice to patients. “We thank you for your continued patience.”
