A prominent children’s hospital in Chicago confirmed that almost 800,000 people had sensitive health information leaked during a ransomware attack earlier this year.
The Ann & Robert H. Lurie Children’s Hospital of Chicago was attacked in January by the Rhysida ransomware group, which allegedly made more than $3 million from selling the data it stole from the hospital.
In filings with regulators in Texas, Maine and California this week, the hospital said 791,784 people had data exposed when hackers gained access to their systems between January 26-31.
The stolen data included basic information like names, addresses, dates of birth, dates of service, as well as more sensitive information like Social Security numbers, medical records, prescription information, health claims information, and treatments and procedures received.
During the attack, the hospital said it was forced to take its electronic health record system offline alongside its email and phone systems. The portal where patients could review their own records was also taken offline in an effort to stop the attack from spreading.
“We have no indication that the cybercriminals accessed data stored in our electronic health record system, although certain information stored in other Lurie Children’s systems was impacted,” the hospital explained.
“Lurie Children’s did not pay a ransom.”
The hospital added that once its investigation team of cybersecurity experts “identified an amount of data that was impacted by the cybercriminals” it worked with law enforcement “to retrieve that data.”
Victims are being given two years of identity protection services. The hospital said they are one of many hospitals and health systems across the country facing “constantly evolving cybersecurity threats” and are working with teams to further enhance their security systems.
The children’s hospital is one of the biggest pediatric healthcare organizations in the Midwest, serving about 239,000 children each year and treating more children with cancer and blood disorders than any other hospital in the state of Illinois.
It took weeks for the hospital to restore its systems and the disruption left parents scrambling to find other doctors who could help their children access vital medicine and healthcare, according to NBC News.
Two other data breaches connected to ransomware attacks were announced this week.
Texas Retina Associates, which was attacked by the BianLian gang in April, told regulators that 297,500 people in Texas alone had data accessed. Infosys McCamish Systems — a large multinational IT firm — said more than 6 million people had sensitive data stolen during a ransomware attack in November by the now-defunct LockBit gang.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Jonathan Greig
is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.