Ransomware Attack Impacts Ann & Robert H. Lurie Children’s Hospital of Chicago – Personal Information Compromised

Ann & Robert H. Lurie Children’s Hospital of Chicago (“Lurie Children’s”) is reeling from a devastating ransomware attack that has impacted nearly 800,000 individuals. The attack, orchestrated by the notorious Rhysida ransomware group, resulted in the theft of sensitive personal information including full names, addresses, email addresses, telephone numbers, Social Security numbers, and medical records.

Erich Kron, Security Awareness Advocate at KnowBe4, highlighted the severity of the breach, stating that the stolen data, amounting to 600 gigabytes, can have long-lasting consequences for the victims. Kron emphasized the importance of educating employees on how to recognize and report phishing attacks, as well as implementing data leakage prevention controls to prevent the unauthorized exfiltration of data.

The cybercriminals gained access to Lurie Children’s systems between January 26 and 31, 2024, underscoring the rapid pace at which bad actors can inflict damage once inside a network. The hospital is currently in the process of notifying those affected and is advising all patients, past and present, to monitor their accounts for any suspicious activity.

The breach serves as a stark reminder of the ongoing threat posed by ransomware attacks and the critical need for robust cybersecurity measures to safeguard sensitive information. As organizations continue to grapple with increasingly sophisticated cyber threats, the importance of proactive cybersecurity measures and employee training cannot be overstated.