BREAKING AT&T Data Breach: ‘Nearly All’ Wireless Customers Exposed in Massive Hack
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

Chicago Children’s Hospital Says 791,000 Impacted by Ransomware Attack

Ann & Robert H. Lurie Children’s Hospital of Chicago says the recent data breach caused by a ransomware attack impacts 791,000 people.

healthcare and medical data breach

Ann & Robert H. Lurie Children’s Hospital of Chicago is informing hundreds of thousands of individuals that their personal and health information has been compromised as a result of a ransomware attack.

The children’s hospital took many of its systems offline in late January in response to a cyberattack. The incident resulted in limited access to medical records, disruptions to a patient portal, and hampered communications. 

An investigation revealed that cybercriminals had access to Lurie Children’s systems between January 26 and January 31, 2024. 

A wide range of information was compromised, including name, address, date of birth, dates of service, driver’s license number, Social Security number, email address, phone number, health claims information, medical condition or diagnosis, medical record number, medical treatment, and prescription information. 

The children’s hospital did not specifically say that it was targeted by a ransomware group, but it did say in a data breach notification on its website that it refused to pay a ransom. 

“Experts have advised that making a payment to cybercriminals does not guarantee the deletion or retrieval of data that has been taken. Once our investigation team identified an amount of data that was impacted by the cybercriminals, we worked closely with law enforcement to retrieve that data,” Lurie Children’s said.

Indeed, the Rhysida ransomware group, which took credit for the attack on Lurie Children’s, has claimed on its website that the data stolen from the hospital has been sold, which indicates that a ransom has not been paid. The cybercriminals claim to have stolen 600 Gb of data from the organization. 

A notice published by the Maine Attorney General’s office on Thursday reveals that the incident has affected more than 791,000 people. 

Impacted individuals are being notified and offered 24 months of identity and fraud protection services at no cost. 

Advertisement. Scroll to continue reading.

Related: Cyberattacks on Hospitals Are Likely to Increase, Putting Lives at Risk, Experts Warn

Related: Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyberattack

Related: CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw

Related: 900k Impacted by Data Breach at Mississippi Healthcare Provider

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

ICS and OT cybersecurity solutions provider TXOne Networks appoints Stephen Driggers as new CRO

Identity orchestration provider Strata Identity appoints Aldo Pietropaolo as Field CTO

Cybersecurity provider for the aviation industry Cyviation has appointed Eliran Almog as Chief Executive Officer.

More People On The Move

Expert Insights