man in hoodie with computer code

Patient Data from Cyberattack on Chicago Hospital May Have Been Sold

The hospital took its electronic health systems down for more than a month to prevent further infiltration and theft of its data.   March 20, 2024


By Greg Zimmerman, Senior Contributing Editor


Cyberattacks on healthcare facilities are becoming alarmingly more frequent. On January 31, known cyber criminals executed a ransomware attack on Ann & Robert H. Lurie Children’s Hospital in Chicago that resulted in a many-days outage of phone and email systems, patient data systems, and other electronic health records. The hospital was able to take many of its own systems offline to prevent further pirating of data. 

But new reporting shows the cyber criminals may have sold data online, according to NBC Chicago. The FBI is investigating claims by a group known as Rhysida that the data was sold. 

After the cyberattack, it took more than a month to get systems back up and running, according to ABC, and doctors and nurses can again access patient data. Phone systems have also been restored. Officials at the hospital have neither confirmed nor denied the attack was ransomware, nor whether they’ve paid a ransom. 

Related Content: How Facility Managers Can Defend Against Cyberattacks

In Illinois alone, the attack on Lurie Children’s was at least the 125th cyberattack on a healthcare organization since 2020, according to data from the U.S. Department of Health and Human Services.  

Greg Zimmerman is senior contributing editor for FacilitiesNet.com and Building Operating Management magazine.

Next


Read next on FacilitiesNet