Lurie Children's Hospital cyberattack leaves network offline for weeks

Illustration: Shoshana Gordon/Axios
Lurie Children's Hospital is entering its third week of limited communication with patients after its network was hit with a cyberattack.
Why it matters: Though the hospital is operational and calls are now being rerouted, patients and staff still have limited access to records, and it's uncertain whether such data is secure.
Between the lines: Even non-Lurie health providers that use its network are dealing with limited access to patients' medical history, lab results and other crucial information needed for care decisions, WBEZ reports.
State of play: Last week, hospital officials announced their "network was accessed by a known criminal threat actor." Lurie has said it's working with the FBI but has not provided further details, including whether a ransom has been demanded.
- But cybersecurity experts like Stel Valavanis, CEO of Chicago-based onShore Security, suspect the issue could be a ransomware attack.
The big picture: Hospitals and health care organizations have faced a deluge of ransomware attacks in recent years, Axios' Sam Sabin reports.
- Hackers typically see these organizations as a prime target, because hospitals are likely to pay a ransom to keep essential health services running and because hospital networks contain a wealth of sensitive patient information.
By the numbers: The White House cybersecurity task force recently reported that ransomware attacks were up 45% in 2023.
- The FBI received more reports of ransomware attacks on organizations in the health care and public health sector in 2022 than for any other critical infrastructure sector. These attacks have been rising for at least the last two years and can cripple hospitals financially.
What they're saying: Valavanis — whose company detects, prevents and helps clients recover from ransomware attacks — tells Axios that the move to shut down Lurie's "communication system quickly probably means that's the vector of attack or its compromise has been clear enough to require isolation."
- "Isolation is the very first response action in most incident response plans, but it can only be done with good clarity about [the method the attacker used]."
Zoom in: In many cases, the attacker asks for a ransom, and the insurance carrier would "have them hire an approved mediator to negotiate terms in concert with the FBI," he says.
- "It's very likely this was a long and deep infiltration that took the time to make sure backups were [compromised] or that enough data was exfiltrated for that to be the threat."
What's next: Lurie officials say they'll "continue to share our updates as they become available."
