Lurie Children's Hospital

Yesterday, Ann & Robert H. Lurie Children’s Hospital of Chicago began issuing data breach notifications to 791,784 people following the ransomware attack that crippled its systems in January 2024. Ransomware group Rhysida was behind the attack and demanded a $3.4 million ransom which the hospital has confirmed it did not pay.

Based on records affected, this is the biggest ransomware attack on a US healthcare organization this year so far.

In its notification, Lurie Children’s Hospital advises that the information affected includes: name, address, date of birth, dates of service, driver’s license number, email address, health claims information, health plan, health plan beneficiary number, medical condition or diagnosis, medical record number, medical treatment, prescription information, Social Security number, and telephone number. The types of data involved varies by individual.

The hospital is offering those affected 24 months of free credit monitoring from Experian. Comparitech recommends using these services while also checking accounts for any suspicious activity.

As well as the breach, Lurie Children’s Hospital suffered widespread disruptions to its operations with patient-facing systems only being restored around three and a half months after the attack.

Who is Rhysida?

Rhysida is thought to have ties to the ransomware group Vice Society and first originated in May 2023. Since then, we have logged 46 confirmed attacks via this group. These attacks have affected over 3.3 million records and the average ransom has been just over $1 million.

Rhysida posted Lurie Children’s Hospital to its site in February 2024, demanding 60 BTC in ransom.

Rhysida ransomware

Rhysida is also the group behind the attack on the British Library in October 2023 which caused months’ worth of disruptions and is likely to cost around £7 million (USD 8.9 million).

So far this year we’ve tracked six confirmed attacks via Rhysida and 21 unconfirmed attacks.

Ransomware attacks on US healthcare organizations

Throughout 2024 so far, we’ve tracked 36 ransomware attacks on US healthcare companies affecting 3,145,446 records. As mentioned above, Lurie Children’s Hospital is the largest attack based on records affected.

Other large attacks have been those on Group Health Cooperative of South Central Wisconsin (533,809 records affected), Consulting Radiologists Ltd. (511,947 records affected), and Affiliated Dermatologists & Dermatologic Surgeons P.A. (373,379 records affected).

We have also logged 88 unconfirmed attacks on US healthcare organizations this year so far.

More about Lurie Children’s Hospital

Located in Chicago, the Ann & Robert H. Lurie Children’s Hospital of Chicago is one of America’s leading children’s hospitals. Over 239,000 children receive care at this hospital annually.