Medical Records for 791K Exposed in Ransomware Attack on Lurie Children’s Hospital


July 1, 2024

World map

Lurie Children’s Hospital of Chicago notified nearly three-quarters of a million patients that their personal and health information (PHI) had been compromised in a previously disclosed ransomware attack.

Lurie is one of the largest pediatric healthcare providers in the Midwest, specializing in childhood cancer and blood disorders and treating nearly a quarter of a million sick children each year.

At the time, the attack had caused ongoing disruptions to the hospital’s systems, forcing staff to resort to manual processes which caused delays in the treatment of life-threatening illnesses in children.

Sensitive data exposed includes health claims information, medical conditions and diagnosis, medical treatments, names, addresses, dates of birth, dates of services, driver’s license numbers, Social Security numbers, email addresses, phone numbers, and prescription information, Security Week reports.

The Rhysida ransomware group, which took credit for the attack on Lurie Children’s, has claimed that the 600 Gb of data stolen from the hospital has been sold on the black market because the hospital refused to pay the ransom demand.

Impacted individuals are being offered 24 months of identity and fraud protection services at no cost, which is little consolation for having your child’s medical records exposed.

Takeaway: With the lives of sick children on the line, why is this threat against our healthcare system not being met with a more aggressive and impactful response from the US government?

Ransomware attacks against the healthcare system are increasingly impacting organization’s ability to care for patients, and some studies have already found a direct link between ransomware attacks and increased patient mortality.

A recent study found that 68% said ransomware attacks resulted in a disruption to patient care, and 43% said data exfiltration during the attack also negatively impacted patient care with 46% noting increased mortality rates, and 38% noting more complications in medical procedures following an attack.

Criminal ransomware groups know that the impact of an attack against healthcare organizations does not just disrupt business operations, it directly affects the lives of their patients. Attackers leverage this sense of urgency to enrich themselves.

This puts tremendous pressure on the organization to pay the ransom demand or risk delays in patient care. Ransomware operators know this and use this urgency as leverage to compel ever larger ransom demands.

Potentially life-threatening attacks against the U.S. healthcare systems are occurring nearly every single day now, with some literally putting the lives of sick children at risk. If this does not rise to the level of a serious national security threat, what does?

The U.S. government needs a more impactful strategy for defending healthcare organizations that goes far beyond the constraints of civilian law enforcement, which is limited to merely investigating, indicting, and trying these perpetrators in criminal court.

It’s time to reclassify a subset of ransomware attacks against designated critical infrastructure providers like the healthcare sector as a national security issue so we can leverage more aggressive options in our collective response.

What we have been doing for several years is simply not working. Attackers enjoy safe harbor that leaves them relatively immune from legal actions. Ransomware attacks against healthcare providers represent a serious national security threat, and we need better response options to deter the threat. is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.