Late last week, the Lurie Children’s Hospital in Chicago stated they had experienced a cyberattack and had taken their IT systems offline, impacting normal operations. According to local news, they’ve had to cancel children’s appointments for six days and counting.
Lurie Children’s is “Illinois’ leading provider for pediatric care” with 360 beds, 1,665 physicians covering 70 sub-specialties providing care for over 200,000 children annually.
The incident impacted the hospital’s internet, email and phone services. Some elective surgeries and procedures had to be canceled, ultrasound and CT scan results are unavailable, and prescriptions are given in paper form. Also, the hospital has reverted to following a first-come, first-served approach to emergency situations.
“[…] we have intentionally limited our e-mail system, so it is unable to send to or receive emails from non-Lurie Children’s e-mail addresses. We’ve also prevented outbound internet traffic and took our electronic health record offline. We are unable to receive external phone calls, except for calls to our call center,” the hospital said on their website yesterday.
A dedicated helpline has been set up to address patient needs, such as non-urgent inquiries, care-related questions, details about scheduled appointments, and requests for prescription refills.
Carol Volk, EVP, BullWall had this to say:
“The cyberattack on Lurie Children’s Hospital in Chicago highlights the alarming vulnerability of healthcare institutions to cyberattacks threats. The attack took all computers, internet and phones offline, disrupting access to care and making critical information inaccessible.
“The hospital’s decision to resort to a manual-first approach in response to the cyberattack is typical of how real-time service providers must respond to losing their communication networks and emphasizes the severity of the situation. The majority of cyberattacks on medical facilities typically include ransomware, though the hospital has yet to provide details confirming this, but with services down for six days now, this is a major disruption.
“Every such breach, every successful attack, emphasizes the urgent need for increased cybersecurity investments in healthcare. Strengthening defenses against cyber threats is essential to safeguarding patient well-being and ensuring uninterrupted medical services.”
HYAS CEO David Ratner follows with this:
“As many talk about cyber priorities for 2024, events like the cyberattack at the Lurie’s Children’s Hospital in Chicago highlight just how important it is to implement cyber resiliency strategies and solutions. Attacks are not only causing financial or reputational damage, are increasingly impacting critical infrastructure and potentially affecting human lives.”
Any cyberattack is bad. A cyberattack against a health care facility is worse because it’s a threat to life. That’s why defending against such attacks has to be top of mind for anyone in these environments. Otherwise you get a situation like this. Which is very bad.
UPDATE: Emily Phelps, Director, Cyware adds this:
“Healthcare remains a prime target for cyber threats due to the sensitive information they handle. With threat actors exceeding the number of available cybersecurity experts, healthcare entities need to adopt automated tools to help small security teams manage threats more effectively. Additionally, regular training on security awareness for staff is crucial for identifying and circumventing prevalent cyberattack strategies. Finally, healthcare institutions could benefit from collaborating with specialized security services that provide hard-to-find expertise, enhancing their internal defenses.”
Like this:
Like Loading...
Related
This entry was posted on February 5, 2024 at 3:55 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Lurie Children’s Hospital Pwned In Cyberattack
Late last week, the Lurie Children’s Hospital in Chicago stated they had experienced a cyberattack and had taken their IT systems offline, impacting normal operations. According to local news, they’ve had to cancel children’s appointments for six days and counting.
Lurie Children’s is “Illinois’ leading provider for pediatric care” with 360 beds, 1,665 physicians covering 70 sub-specialties providing care for over 200,000 children annually.
The incident impacted the hospital’s internet, email and phone services. Some elective surgeries and procedures had to be canceled, ultrasound and CT scan results are unavailable, and prescriptions are given in paper form. Also, the hospital has reverted to following a first-come, first-served approach to emergency situations.
“[…] we have intentionally limited our e-mail system, so it is unable to send to or receive emails from non-Lurie Children’s e-mail addresses. We’ve also prevented outbound internet traffic and took our electronic health record offline. We are unable to receive external phone calls, except for calls to our call center,” the hospital said on their website yesterday.
A dedicated helpline has been set up to address patient needs, such as non-urgent inquiries, care-related questions, details about scheduled appointments, and requests for prescription refills.
Carol Volk, EVP, BullWall had this to say:
“The cyberattack on Lurie Children’s Hospital in Chicago highlights the alarming vulnerability of healthcare institutions to cyberattacks threats. The attack took all computers, internet and phones offline, disrupting access to care and making critical information inaccessible.
“The hospital’s decision to resort to a manual-first approach in response to the cyberattack is typical of how real-time service providers must respond to losing their communication networks and emphasizes the severity of the situation. The majority of cyberattacks on medical facilities typically include ransomware, though the hospital has yet to provide details confirming this, but with services down for six days now, this is a major disruption.
“Every such breach, every successful attack, emphasizes the urgent need for increased cybersecurity investments in healthcare. Strengthening defenses against cyber threats is essential to safeguarding patient well-being and ensuring uninterrupted medical services.”
HYAS CEO David Ratner follows with this:
“As many talk about cyber priorities for 2024, events like the cyberattack at the Lurie’s Children’s Hospital in Chicago highlight just how important it is to implement cyber resiliency strategies and solutions. Attacks are not only causing financial or reputational damage, are increasingly impacting critical infrastructure and potentially affecting human lives.”
Any cyberattack is bad. A cyberattack against a health care facility is worse because it’s a threat to life. That’s why defending against such attacks has to be top of mind for anyone in these environments. Otherwise you get a situation like this. Which is very bad.
UPDATE: Emily Phelps, Director, Cyware adds this:
“Healthcare remains a prime target for cyber threats due to the sensitive information they handle. With threat actors exceeding the number of available cybersecurity experts, healthcare entities need to adopt automated tools to help small security teams manage threats more effectively. Additionally, regular training on security awareness for staff is crucial for identifying and circumventing prevalent cyberattack strategies. Finally, healthcare institutions could benefit from collaborating with specialized security services that provide hard-to-find expertise, enhancing their internal defenses.”
Share this:
Like this:
Related
This entry was posted on February 5, 2024 at 3:55 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.