HQ/EMEAFind out how we can help your business
A large-scale cyberattack recently affected Lurie Children’s Hospital in Chicago, compromising the private data of 791,000 patients. The breach, which happened between January 26 and January 31, 2024, compelled the hospital to take its systems offline, which seriously interfered with internal communications, the patient portal, and the availability of medical information.
This Monday, the Chicago hospital announced a data breach, confirming that hackers gained access to a large amount of private data, containing names, addresses, birthdates, service dates, driver’s license numbers, email addresses, information about health claims, beneficiary numbers for health plans, medical conditions or diagnoses, medical record numbers, prescription information, Social Security numbers, and medical treatment information.
Lurie Children’s Hospital used routine response processes, such as its established downtime procedures, to keep running despite the disturbance. The hospital informed the public that it had not paid a ransom and underlined that professionals had recommended against paying cybercriminals since there is no assurance that data would be deleted or recovered.
Rhysida ransomware group claimed the attack on the Chicago hospital.
The hospital was mentioned on the website of the Rhysida ransomware group, which claimed to have carried out the attack. They claimed to have stolen 600GB of data that had supposedly already been sold. The attribution to Rhysida implies a ransomware attack, even if the hospital’s notice did not corroborate such a situation.
Lurie Children’s Hospital is providing 24-month identity theft protection services through Experian Identity Works and alerting all impacted individuals as part of its response. In addition, a special call centre has been set up to handle inquiries and worries from anyone affected by the hack.
The cyberattack incident highlights how dangerous cyberattacks are becoming for healthcare organisations, which store enormous volumes of private information. The hospital’s experience emphasises how crucial it is to have strong cybersecurity defences and comprehensive response plans in place to lessen the effects of such intrusions.
