Lurie Children's Hospital is investigating claims that information allegedly stolen in a recent cyberattack on the hospital was sold online, NBC 5 Investigates has learned.
On Friday, ransomware lending group Rhysida claimed to have sold data obtained from Lurie Children's Hospital, according to a post obtained by NBC 5 Investigates.
“All data was sold,” the post said, which was verified by cybersecurity firm Check Point Software.
In a statement provided to NBC 5 Investigates this week, a hospital spokesperson said: “We are aware that an individual claiming to be Ricida, a known threat actor, has claimed to have sold data they claim to have obtained from Lurie Children’s. We are actively investigating the allegations, working closely with our partners and law enforcement. The investigation is ongoing and we will share updates as appropriate.”
An NBC 5 investigation has determined that the recent cyberattack involving Lurie Children's Hospital is one of a growing number of attacks involving healthcare organizations across the country.
Another recent attack on Change Healthcare, a subsidiary of UnitedHealth Group, disrupted patients, clinics, and pharmacies across the country.
NBC 5 Investigates reviewed federal records from the U.S. Department of Health and Human Services and found that at least 125 health care providers in Illinois alone have reported some kind of breach since 2020.
These include hacking, theft, and unauthorized access to records, potentially resulting in the personal information of 7 million people being compromised. This number does not include the recent cyberattack at Lurie Children's Hospital.
The attack, which the hospital said it learned about on January 31st, significantly disrupted the hospital's normal operations and temporarily halted procedure scheduling, electronic information sharing, and even telephone communications. Ta.
The cyber attack left parents and their children shaken and worried about delays and obstacles to accessing care.
Just last week, Lurie Children's Hospital announced that “system recovery continues'' and that the medical records platform and other critical systems had been restored, but MyChart, the online app that patients and their families can access, was restored. announced that it could not be done. Records and appointments remained inaccessible.
“As an academic medical center, our systems are highly complex and, as a result, the recovery process takes time. We are working closely with internal and external experts and are working diligently to fully restore our systems. “We are working through a process that includes validating and testing each system before bringing it back online,” the hospital said in a March 4 statement. “We recognize the concern and inconvenience this outage will cause to patient families and local health care providers, and we are working diligently to resolve this issue as quickly and effectively as possible…”
As of August, the U.S. Department of Health and Human Services warned that the Rhysida group's primary methods include phishing attacks and that the group could begin to “consider the healthcare sector as a viable target.” was.
Another warning from the federal government followed in November, this time from the Cybersecurity and Infrastructure Security Agency, which showed how Rhysida infiltrates computer systems. The bulletin called on educational institutions, healthcare institutions and others to implement a series of strategies to mitigate potential attacks.
The advisory asks organizations to “(test) their existing security management inventory to assess how it performs against the technologies described in this advisory.”
A Lurie spokesperson did not respond to NBC 5 Investigates' questions about the two previous government warnings or what mitigation measures the hospital had taken before the latest attack.
Cindi Carter, chief information security officer at Check Point Software, said the impact of the recent attack on Lurie Children's Hospital is significant.
“We're talking about about 240,000 patients in that hospital, and those children are getting cancer, and we're talking about what kind of disease is being properly treated. So , which is very important.”
Chris Karlis, a Chicago-area cybersecurity consultant, said he often played the role of an “attacker” helping companies test their systems for vulnerabilities.
“Certainly, there are ongoing problems there. The number of ransomware attacks that occur all the time is alarming. None get as much attention as this hospital attack,” said Karlis, the cybersecurity consultant.
Although the specific details of this particular ransomware attack involving Lurie Children's Hospital are still unclear, Karlis said:
“A lot of times it's a numbers game. They're not just sending one or two emails. They're sending a bunch of emails to different organizations. They're all slightly different and have different “They may have a huge payload, but ultimately they're looking for that one fish that's going to bite and give them access to that network,” he said.