Doctors and nurses at a premier Chicago children’s hospital can again access patients’ electronic medical records, more than a month after a cyberattack forced Lurie Children’s Hospital to take its networks offline
CHICAGO — Doctors and nurses at a premier Chicago children’s hospital can again access patients’ electronic medical records, more than a month after a cyberattack forced Lurie Children’s Hospital to take its networks offline.
The hospital provided the update Monday and said its phone system also is fully functioning.
Officials had previously blamed the attack on a “known criminal threat actor” and said the hospital shut down its own systems for phone, email and medical records once the breach was discovered on Jan. 31.
The situation at Lurie Children’s Hospital had all the hallmarks of a ransomware attack, although hospital officials have not confirmed or denied the cause. Such extortion-style attacks are popular among ransomware gangs seeking financial gain by locking data, records or other critical information, and then demanding money to release it back to the owner.
The FBI has said it is investigating.
Hospitals are an appealing target for attackers who know their reliance on online technology.
Lurie Children’s treated around 260,000 patients last year.
The statement released Monday said that a portal letting patients and parents access medical records and send messages to providers, called MyChart, remains offline.
“As an academic medical center, our systems are highly complex and, as a result, the restoration process takes time,” the statement said. “Working closely with our internal and external experts, we are following a careful process as we work towards full restoration of our systems, which includes verifying and testing each system before we bring them back online.”
In early September, the Ann & Robert H. Lurie Children’s Hospital of Chicago fell victim to a cyberattack that disrupted several of its systems. The attack, which was identified as a ransomware incident, caused significant disruption to the hospital’s operations and raised concerns about patient care and data security.
Following the attack, the hospital immediately took steps to contain the breach and mitigate its impact. This included isolating affected systems, conducting forensic investigations, and working with cybersecurity experts to identify and address vulnerabilities in their network. Additionally, the hospital notified law enforcement and regulatory authorities to ensure compliance with data breach reporting requirements.
Despite the challenges posed by the cyberattack, the hospital’s staff worked tirelessly to maintain patient care and ensure the safety of their patients. While some systems were temporarily offline, essential services such as emergency care, surgeries, and critical care units continued to operate without interruption. The hospital also implemented manual processes and alternative communication methods to minimize disruptions and ensure continuity of care.
After weeks of hard work and collaboration with cybersecurity experts, the hospital announced that some systems had been successfully restored a month after the cyberattack. This included electronic medical records, scheduling systems, and other critical infrastructure necessary for day-to-day operations. While the full extent of the damage caused by the attack is still being assessed, the hospital remains committed to ensuring the security and privacy of patient information.
The incident at Lurie Children’s Hospital serves as a stark reminder of the growing threat of cyberattacks in the healthcare industry. Hospitals and healthcare organizations are prime targets for cybercriminals due to the sensitive nature of the data they hold and the critical services they provide. As such, it is essential for healthcare providers to invest in robust cybersecurity measures, employee training, and incident response plans to protect against potential threats.
Moving forward, Lurie Children’s Hospital has vowed to strengthen its cybersecurity defenses and enhance its resilience against future attacks. The hospital is also working closely with regulatory authorities and industry partners to share best practices and lessons learned from this incident. By learning from this experience and taking proactive steps to improve their cybersecurity posture, Lurie Children’s Hospital is committed to safeguarding patient data and ensuring the continuity of care for their young patients.
