Lurie Children’s Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances.
Lurie Children’s is a Chicago-based pediatric acute care hospital with 360 beds, 1,665 physicians covering 70 sub-specialties, and 4,000 medical staff and employees. It is one of the most important pediatric hospitals in the country, providing care for over 200,000 children annually.
Yesterday, the hospital announced on its website and social media platforms that it is actively responding to a cybersecurity incident, which unfortunately resulted in network systems being taken offline to prevent the attack’s spread.
“Lurie Children’s is actively responding to a cybersecurity matter,” disclosed Lurie Children’s Hospital yesterday.
“We are taking this very seriously, are investigating with the support of leading experts, and are working in collaboration with law enforcement agencies. As part of our response to this matter, we have taken network systems offline.” disclosed Lurie Children’s Hospital yesterday.
The healthcare provider previously stated that the incident impacted the hospital’s internet, email, phone services, and ability to access the MyChat platform. Those suffering from a healthcare emergency were advised to dial 911 or visit their nearest emergency department.
“As Illinois’ leading provider for pediatric care, our overarching priority is to continue providing safe, quality care to our patients and the communities we serve,” continues the hospital’s announcement.
“Lurie Children’s is open and providing care to patients with as few disruptions as possible.”
Local media report that scheduled procedures have been delayed due to the cyberattack, ultrasound and CT scan results are unavailable, and prescriptions are given in paper form.
Also, the hospital has reverted to following a first-come, first-served approach, prioritizing emergency situations.
At the time of writing, no major ransomware gangs have assumed responsibility for the attack on Lurie Children’s Hospital.
Despite the so-called guidelines set by ransomware operators, which instruct affiliates to refrain from targeting hospitals, various ransomware gangs ignore these policies and continue to target healthcare organizations.
This is because they either don’t care to enforce these policies or because these guidelines are merely a facade to mask their unrelenting pursuit of financial gain.
Two recent examples of this are the attacks on the Capital Health hospital network and Saint Anthony Hospital in the U.S. and the Katholische Hospitalvereinigung Ostwestfalen (KHO) hospitals in Germany, all conducted by the Lockbit ransomware operation, which claims to have strict policies preventing attacks on hospitals.