Lurie Children's Hospital back to pen and paper after cyberattack

It's the second Chicago hospital to disclose a major incident in the same week


For the second time in one week, cybercriminals have targeted a Chicago children's hospital, this time causing significant operational disruption.

Lurie Children's Hospital said it pulled network systems offline as it continues to respond to "a cybersecurity matter" alongside outside experts and law enforcement agencies.

Email, phone, and internet services are unavailable at the hospital, and according to local news, young patients have been unable to attend scheduled appointments for six days and counting.

The hospital remains open for emergencies but is operating on a first-come, first-served basis, according to other reports.

Some patients with scheduled elective surgeries have also had their appointments pushed back or canceled. Others say ultrasound systems were down and prescriptions were being handled using analog, pen-and-paper methods.

Lurie Children's Hospital said in a statement: "As Illinois' leading provider for pediatric care, our overarching priority is to continue providing safe, quality care to our patients and the communities we serve. Lurie Children's is open and providing care to patients with as limited disruption as possible.  

"We are very grateful to our workforce and care providers who are committed to preserving our charitable mission during this time. We recognize the concern and inconvenience the systems outage may cause our patient-families and community providers and are working diligently to resolve this matter as quickly and effectively as possible."

The hospital treats more than 200,000 children a year and is home to the Stanley Manne Children's Research Institute, which is actively researching a range of pediatric illnesses and injuries.

Attribution for the attack hasn't been made, nor has any ransomware or other cybercrime group claimed responsibility for it.

The incident closely follows another attack at Saint Anthony Hospital, based just 8km (five miles) from Lurie, with the "credit" swiftly claimed by the LockBit ransomware gang.

The attack on Saint Anthony's system began in December 2023 and the hospital only recently disclosed the extent of the damage – data theft but little to no operational downtime or disruption.

It appears the hospital didn't pay the ransom and the stolen data has been published by LockBit, which is entirely unsurprising given the $800,000 ransom the gang set. Even if Saint Anthony Hospital were inclined to pay, which is very much not the officially recommended route to take, the lofty sum and the fact it's a non-profit make it unlikely the hospital would be able to pay anyway.

The healthcare sector has long been a primary target for cybercriminals for many reasons, from generally poorer security postures to the operational disruption an attack on a hospital or similar facility can cause, and everything in between. 

When critical services like these are floored, a speedy payment to restore access to key systems is, in theory, more likely than it would be from a corporate victim that has more time to think about a response strategy.

However, according to new rules reportedly set for imminent approval, US hospitals will have to meet certain cybersecurity standards to receive federal funding, a move the government will hope stems the tide of ransomware attacks on hospitals.

During El Reg's investigation, we were pointed to a December concept paper from the US Department of Health and Human Services (HHS) on its cybersecurity strategy. The paper included proposals for enforcing new standards that, if met, would offer financial support and incentives for hospitals. ®
