Lurie Children's Hospital back to pen and paper after cyberattack

It's the second Chicago hospital to disclose a major incident in the same week

For the second time in one week, cybercriminals have targeted a Chicago children's hospital, this time causing significant operational disruption.

Lurie Children's Hospital said it pulled network systems offline as it continues to respond to "a cybersecurity matter" alongside outside experts and law enforcement agencies.

Email, phone, and internet services are unavailable at the hospital, and according to local news, young patients have been unable to attend scheduled appointments for six days and counting.

The hospital remains open for emergencies but is operating on a first come first served basis, according to other reports

Some patients with scheduled elective surgeries have also had their appointments pushed back or canceled. Others say ultrasound systems were down and prescriptions were being handled using analog, pen-and-paper methods.

Lurie Children's Hospital said in a statement: "As Illinois' leading provider for pediatric care, our overarching priority is to continue providing safe, quality care to our patients and the communities we serve. Lurie Children's is open and providing care to patients with as limited disruption as possible.  

"We are very grateful to our workforce and care providers who are committed to preserving our charitable mission during this time. We recognize the concern and inconvenience the systems outage may cause our patient-families and community providers and are working diligently to resolve this matter as quickly and effectively as possible."

The hospital treats more than 200,000 children a year and is home to the Stanley Manne Children's Research Institute, which is actively researching a range of pediatric illnesses and injuries.

Attribution for the attack hasn't been made, nor has any ransomware or other cybercrime group claimed responsibility for it.

The incident closely follows another attack at Saint Anthony Hospital, based just 8km (five miles) from Lurie, with the "credit" swiftly claimed by the LockBit ransomware gang.

The attack on Saint Anthony's system began in December 2023 and the hospital only recently disclosed the extent of the damage – data theft but little to no operational downtime or disruption.

It appears the hospital didn't pay the ransom and the stolen data has been published by LockBit, which is entirely unsurprising given the $800,000 ransom the gang set. Even if Saint Anthony Hospital were inclined to pay, which is very much not the officially recommended route to take, given the lofty sum and the fact it's a non-profit, it's unlikely the hospital would be able to pay anyway.

The healthcare sector has long been a primary target for cybercriminals for many reasons, from generally poorer security postures to the operational disruption an attack on a hospital or similar facility can cause, and everything in between. 

When critical services like these are floored, the chances of making a speedy payment to restore access to key systems is, in theory, more likely than a corporate company that has more time to think about a response strategy.

However, according to new rules reportedly set for imminent approval, US hospitals will have to meet certain cybersecurity standards to receive federal funding in a move the government will hope stems the tide on ransomware's targeting of hospitals.

During El Reg's investigation, we were pointed to a December concept paper from the US Department of Health and Human Services' (HHS) cybersecurity strategy. The paper included proposals for enforcing new standards that if met, would offer financial support and incentives for hospitals. ®

Send us news

Change Healthcare faces second ransomware dilemma weeks after ALPHV attack

Theories abound over who's truly responsible

Change Healthcare’s ransomware attack costs edge toward $1B so far

First glimpse at attack financials reveals huge pain

UK businesses shockingly unaware of how to handle security threats

Many decide to make no changes after detecting a breach

185K people's sensitive data in the pits after ransomware raid on Cherry Health

Extent of information seized will be a concern for those affected

Nearly 1M medical records feared stolen from City of Hope cancer centers

Is there no cure for this cyber-plague?

Prolific phishing-made-easy emporium LabHost knocked offline in cyber-cop op

Police emit Spotify Wrapped-style videos to let crims know they're being hunted

Ransomware gang <em>did</em> steal residents' confidential data, UK city council admits

INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs

Open sourcerers say suspected xz-style attacks continue to target maintainers

Social engineering patterns spotted across range of popular projects

Roku makes 2FA mandatory for all after nearly 600K accounts pwned

Streamer says access came via credential stuffing

X fixes URL blunder that could enable convincing social media phishing campaigns

Poorly implemented rule allowed miscreants to deceive users with trusted URLs

Puppies, kittens, data at risk after 'cyber incident' at veterinary giant

IT systems pulled offline for chance to paws and reflect

INC Ransom claims to be behind 'cyber incident' at UK city council

This follows attack on NHS services in Scotland last week