Ann & Robert H. Lurie Children’s Hospital of Chicago (“Lurie Children’s”) was impacted by a ransomware attack. This attack impacted 791,784 individuals and may have included the following personal information: 

• Full name
• Home address
• Email address 
• Telephone number
• Date of birth
• Date(s) of service
• Driver’s license number
• Health claims information (including health plan and health plan beneficiary number)
• Medical conditions, diagnoses or treatments 
• Medical record number
• Prescription information
• Social Security number

“This attack illustrates how much damage can be done in a relatively short amount of time once bad actors gain initial network access,” Erich Kron, Security Awareness Advocate at KnowBe4, commented. “This theft of 600 gigabytes of data, which included very sensitive information, is likely to impact victims of this breach for years to come. Unfortunately, once the information is stolen and sold or dumped on the Internet, there is no good way to undo the damage.”

The Rhysida ransomware group claims to be behind the attack. These cybercriminals accessed the hospital’s systems between January 26 and 31, 2024. 

Kron states, “The Rhysida ransomware group behind the attack is well known for using email phishing to gain initial network access, then following up with cobalt strike to move within the network. Because email phishing continues to be a favorite of ransomware attackers around the world, it’s especially important to ensure employees are educated and trained in how to spot and report these social engineering attacks. In addition, data leakage prevention (DLP) controls need to be in place to help stop the exfiltration of data from the network.”

Lurie Children’s is in the process of notifying impacted individuals and encourages all patients, previous or otherwise, to monitor their accounts.