Cyber Incident Victim: Ann & Robert H. Lurie Children's Hospital
Date:
Feb 2024
Location:
United States of America
Summary
A Chicago children's hospital experienced a significant cybersecurity incident, forcing it to take network systems offline and disrupting operations. Communication services including email, phones, and internet became unavailable, leading to canceled or delayed appointments and elective surgeries, while prescriptions were handled manually. The facility remains open for emergencies but operates on a first-come, first-served basis. No threat actor has claimed responsibility for the attack, which occurred shortly after a separate ransomware incident at another nearby hospital where stolen data was published. The healthcare organization continues to provide care with limited disruption while working with external experts and law enforcement to resolve the matter. This incident aligns with broader patterns of cybercriminals targeting healthcare institutions due to their critical services and potential operational vulnerabilities.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 6 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 1, 2024, Ann & Robert H. Lurie Children's Hospital in Chicago experienced a cybersecurity incident that forced the organization to take its network systems offline. The hospital confirmed it was responding to the matter with assistance from external cybersecurity experts and law enforcement agencies. Critical communication infrastructure—including email, phone systems, and internet services—became unavailable. Operational disruptions emerged immediately, with patients unable to attend scheduled appointments for at least six consecutive days. The hospital remained open for emergency care but shifted to a first-come, first-served triage model for walk-in patients. Elective surgeries faced postponements or cancellations, while clinical workflows reverted to manual processes: ultrasound systems were nonfunctional, and staff documented prescriptions and medical records using pen-and-paper methods. Lurie Children's Hospital emphasized its priority of maintaining safe patient care during the outage, acknowledging the inconvenience while thanking staff for sustaining operations under adverse conditions. The hospital treats over 200,000 pediatric patients annually and houses the Stanley Manne Children's Research Institute, though the cyberattack's impact on research activities was not specified.
No threat actor claimed responsibility for the attack, and investigators had not publicly attributed it to any known ransomware group or cybercrime syndicate as of the reporting date. The incident occurred within days of a separate cyberattack on Saint Anthony Hospital, located eight kilometers away, which the LockBit ransomware gang claimed. Unlike Lurie's incident, the Saint Anthony attack caused data theft without significant operational disruption. Lurie's systems outage persisted with no publicized restoration timeline, though the hospital stated it was working to resolve the matter "as quickly and effectively as possible." The broader healthcare sector context was noted, including frequent targeting of medical facilities due to perceived security vulnerabilities and high-pressure environments that may incentivize ransom payments. Federal regulatory developments were referenced, including pending U.S. Department of Health and Human Services proposals to mandate cybersecurity standards for hospitals receiving federal funding, though these policies were unrelated to Lurie's specific incident response.