Cyberattack on a Chicago children’s hospital has shut down its systems for a week
Lurie Children's Hospital in Chicago is still trying to restore its computer systems nearly a week after a cybersecurity incident prompted it to shut down its network.
(CNN) — A children’s hospital in Chicago is still trying to restore its computer systems nearly a week after a cybersecurity incident prompted it to shut down its network. Lurie Children’s Hospital says the outage has affected email, phones and some other electronic systems.
The hospital remains operational, but it said the outage has made scheduling, accessing medical records and prescription history difficult for patients and staff.
“We recognize the frustration of not having clarity on when this will be resolved,” Lurie said in a statement posted to its website. “Our investigation remains ongoing and we are working around the clock to resolve this matter.”
The hospital first announced the outage on January 31 but did not publicly acknowledge that it was related to cybersecurity until February 4. Lurie says the outage is not directly affecting most operations, including emergency admissions, but some patients and doctors are having difficulty accessing records electronically.
“At first, we had some patients having trouble communicating with their specialists, but we were able to back-channel that in a couple of ways,” Dr. Andy Bernstein, a pediatrician at North Suburban Pediatrics, told CNN affiliate WLS on Monday.
Lurie has not given any details on the nature of the cybersecurity incident or whether a ransom has been demanded for full access to its systems.
“We are taking this very seriously, are investigating with the support of leading experts, and are working in collaboration with law enforcement agencies,” the hospital said.
Late last week, Lurie established a call center for clients who are unable to reach the hospital through their regular phone number or electronic messaging systems.
Attacks on health infrastructure have become all too common. Another hospital in Illinois closed in June of 2023 due in part to a cyberattack — a rare case of a health care provider publicly linking a hack incident to its closure. The 2021 cyberattack on St. Margaret’s Health in Spring Valley, Illinois, hobbled computer systems for months and prevented it from filing insurance claims, Linda Burt, a hospital vice president, told CNN.
A cyberattack that diverted ambulances from hospitals in East Texas on Thanksgiving Day last year also forced hospitals in New Jersey, New Mexico and Oklahoma to reroute ambulances. All of the affected hospitals are owned, or partly owned, by Ardent Health Services, a Tennessee-based company that owns more than two dozen hospitals in at least five states.
Recognizing that the status quo of hacks regularly disrupting health care in America is untenable and that federal officials and hospital executives need to do much more to combat the problem, the Department of Health and Human Services unveiled plans to ramp up federal funding for ill-protected rural hospitals and impose stricter fines for lax security at health care providers in December.
“This is a really urgent threat,” HHS Deputy Secretary Andrea Palm told CNN, adding that there are rural hospitals and other cash-strapped facilities “that really need help investing” in technology and security practices “to help them keep up” the threat.
CNN cybersecurity reporter Sean Lyngaas contributed to this report.
This story has been updated to clarify where Dr. Andy Bernstein works.
The-CNN-Wire
™ & © 2024 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.
