Rhysida Ransomware Claims the Lurie Children’s Hospital Cyberattack, Demands $3.6 Million for Stolen Data

Rhysida Ransomware Claims the Lurie Children's Hospital Cyberattack, Demands $3.6 Million for Stolen Data
Table of Contents
    Add a header to begin generating the table of contents

    The Rhysida ransomware group has taken responsibility for the Lurie Children’s Hospital Cyberattack.  Lurie is a renowned pediatric acute care facility that annually serves more than 200,000 children.


    As a result of the cyberattack, Lurie Children’s Hospital was compelled to temporarily shut down its IT systems, causing delays in certain medical treatments and services.

    Lurie Children’s Hospital Cyberattack Disrupted Operations with Data Becoming Inaccessible

    The cyberattack on Lurie Children’s Hospital had widespread effects on its operations. Communication channels such as email and phone, access to the MyChart platform, and on-premises internet were all disrupted.

    Important medical data, including ultrasound and CT scan results, became inaccessible. Patient service prioritization systems were also taken offline, causing challenges in managing patient care. Additionally, doctors were compelled to resort to manual methods, using pen and paper for prescriptions.

    Rhysida Ransomware Has Taken Responsibility for the Cyberattack on Lurie Children’s Hospital

    In a concerning development, the Rhysida ransomware gang has now included Lurie Children’s Hospital on its extortion portal on the dark web. They claim to have stolen a substantial amount of data, amounting to 600 GB, from the hospital.

    The Rhysida ransomware group has escalated their demands by offering to sell the stolen data from Lurie Children’s Hospital for a sum of 60 BTC, equivalent to $3,700,000. They have provided a strict deadline of seven days for a potential buyer to meet their demands.

    If the deadline is not met, the group has stated their intention to either sell the data to multiple threat actors at a reduced price or release it for free on their platform, further compromising the hospital’s sensitive information. The situation requires immediate attention and appropriate action to mitigate the potential consequences.

    Lurie Children’s Hospital Still Experiences Disruptions

    According to the most recent update from Lurie Children’s Hospital on February 22, 2024, the restoration of their IT system is currently in progress. However, certain operational segments continue to experience disruptions in services.

    Parents are advised to bring a printed copy of their insurance card and their children’s medication bottles to appointments. This precaution is necessary as the health records system, responsible for logging this data, is still offline.

    The MyChart platform remains inaccessible, resulting in longer wait times for patients. Manual prescription preparation using pen and paper is still being implemented, contributing to the delays.

    Due to the ongoing disruptions caused by the cyberattack, there is a possibility that certain procedures and appointments at Lurie Children’s Hospital may need to be canceled and rescheduled. This is necessary to accommodate urgent care cases and manage the situation more effectively.

    As a result of the impact on payment systems, the hospital has extended the timeframe for covering medical bills for the duration of the outage. Additionally, at present, Lurie Children’s Hospital is not charging any no-show fees for missed appointments.

    Rhysida Ransomware Encryptor Likely to be Decrypted Because of a Vulnerability, But Things Are Not That Simple!

    In an interesting turn of events, the Rhysida ransomware gang has encountered a setback. Korean researchers have recently published comprehensive details about a vulnerability in the encryptor employed by the group. This flaw could potentially be utilized to decrypt files without the need to pay a ransom.

    However, the prolonged disruption at Lurie Children’s Hospital suggests that the decryptor previously utilized by law enforcement may no longer be effective against the recent attacks carried out by the Rhysida ransomware group. This indicates that the group has likely evolved their techniques, making it more challenging to counter their actions.

    Moreover, if Rhysida’s assertions regarding the exfiltration of data are indeed accurate, it is a cause for concern. The sensitive medical information of numerous children has been compromised by cybercriminals, resulting in irreversible consequences. This highlights the urgent need for enhanced cybersecurity measures and strategies to safeguard such critical data in the future.

    Related Posts