Rhysida Behind Attack on Children’s Hospital

A man holding a shield with a healthcare cross inside of it.
Photo ID: 475767030 © Diloka107/DepositPhotos.com

In early February, Lurie Children’s Hospital announced it was the victim of a cyberattack. While at first the nature of the attack and the group behind it were unknown, the Rhysida ransomware gang has now claimed responsibility.

The impact of the attack

Lurie Children’s took its systems offline in response to the attack, but has since restored its email and phone systems. However, according to a statement on the hospital’s website, updated on February 22nd, its “electronic health records system, including MyChart, is currently offline.”

While the children’s hospital states that it “is open and providing care to patients with as little disruption as possible,” some patients have had difficulty scheduling appointments since the cyberattack. One family’s health insurance appeal has also been put in jeopardy, as they are unable to access their daughter’s health records thanks to the hack.

Rhysida ransomware

The ransomware gang Rhysida added Lurie Children’s to its dark web leak site on February 28th. The cybercriminal group claims to have stolen 600 GB of data from the hospital and is selling it for 60 BTC (approximately $3.7 million) to a single buyer. However, if the data does not sell, Bleeping Computer reports the gang will lower the price or leak it for free.

Rhysida started operating in May 2023 and has claimed responsibility for 85 attacks so far, according to data from eCrime.ch. Of those 85 attacks, nine have been on organizations in the hospital and healthcare sector, including Prospect Medical Holdings. In that attack, the gang allegedly stole over 500,000 SSNs, as well as photocopies of IDs belonging to Prospect Medical Holdings employees.

Hospitals under attack

Unfortunately, ransomware attacks on healthcare organizations are common. According to data from eCrime.ch, ransomware gangs claimed responsibility for 335 attacks on the healthcare sector in 2023 and 64 since the start of 2024. These kinds of attacks can kill patients, and when hospital data is stolen, patients and staff face the additional threat of identity theft.

While governments have been cracking down on ransomware gangs, their efforts are not always successful. For example, ransomware gangs AlphV/Blackcat and LockBit had their dark web leak sites seized by law enforcement, but returned within weeks.

It thus seems that we can expect ransomware attacks on hospitals to continue for the foreseeable future.

Leave a Comment

Your email address will not be published. Required fields are marked *