Ransomware Operators Claim Sale of Exfiltrated Lurie Children's Hospital Data


March 7, 2024

World map

The Rhysida ransomware gang is claiming they sold sensitive data exfiltrated in a February attack on from a Lurie Children's Hospital Data in Chicago after putting it up for sale for $3.4 million on the group’s leaks site.

Lurie is one of the biggest pediatric healthcare providers in the U.S. Midwest, treating nearly a quarter of a million sick children each year, specializing in childhood cancer and blood disorders.  

The attack has caused ongoing disruptions to the hospital’s systems and forced delays on treatment of life-threatening illnesses.  

“The attack last month on Lurie Children’s Hospital forced staff to resort to manual processes as officials took the institution’s entire computer network offline due to what was at the time an unspecified cybersecurity matter,” The record reports.

“Subsequently, the Rhysida ransomware group listed Lurie Children's on its darknet extortion site, attempting to sell data stolen from the institution for 60 bitcoins, equivalent to just over $3.4 million. The listing was updated this week to claim: All data was sold.”

Takeaway: With sick children’s lives literally on the line, why is this threat against our healthcare system not being taken more seriously?

Criminal ransomware groups know that the impact of an attack against healthcare organizations does not just disrupt business operations, it directly affects the lives of their patients. Attackers leverage this sense of urgency to enrich themselves

This puts tremendous pressure on the organization to pay the ransom demand or risk delays in patient care. Ransomware operators know this and use this urgency as leverage to compel ever larger ransom demands

Just this week, researchers suggest that a $22 million Bitcoin blockchain transaction is potentially evidence that the BlackCat/ALPHV ransomware gang may have hit a big payday in their ongoing attack against Change Healthcare, the largest healthcare payment processor in the US.

American Hospital Association CEO Rick Pollack had described the attack, which has disrupted the distribution of prescription drugs nationwide for nearly two weeks, as “the most serious incident of its kind leveled against a U.S. health care organization.”

Ransomware attacks against the healthcare system are increasingly impacting organization’s ability to care for patients, and some studies have already found a direct link between ransomware attacks and increased patient mortality.

A recent study found that 68% said ransomware attacks resulted in a disruption to patient care, and 43% said data exfiltration during the attack also negatively impacted patient care with 46% noting increased mortality rates, and 38% noting more complications in medical procedures following an attack.

Other examples of recent incidents include a ransomware attack on Prospect Medical Holdings that forced the suspension of services at emergency rooms, cancelled medical procedures, downed billing systems, and caused ambulances to be diverted at multiple healthcare facilities.

And several emergency rooms in New Jersey were forced to divert ambulances following a disruptive ransomware attack, and an attack on SMP Health forced the organization to cease operations altogether.

These are potentially life-threatening attacks against the U.S. healthcare systems, and some of which are putting sick children at risk. If this does not rise to the level of a serious national security threat, what does?

We need a new set of tools that go far beyond the charter for civilian law enforcement, which is limited to investigating, indicting, and trying criminal action.

If we reclassify a subset of ransomware attacks against particular types of entities, namely designated critical infrastructure providers like the healthcare sector, a great more options are available for collective response that could include offensives measure.

What we have been doing for several years is simply not working. Attackers enjoy safe harbor that leaves them relatively immune from legal actions. Ransomware attacks against healthcare providers represent a serious national security threat, and we need better response options to deter the threat.

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.