Over 100 Total Lots Up For Auction at Two Locations - WA 11/05, PA 11/06

The consequences of the hack of Lurie Children’s Hospital

April 29, 2024
Health IT
Dan Draper
By Dan Draper

More than two months have passed since Lurie Children’s Hospital, the largest pediatric healthcare provider in Illinois, were first forced to confront a breach in its data systems. Rhysida, a ransomware gang, reportedly claimed responsibility for the cyber attack and announced that it had sold the entirety of the hospital’s stolen data, including patient information, for approximately $3.4 million on the dark web. The rat’s nest this left behind is difficult to fully quantify, but to describe the data breach of a healthcare provider that annually serves more than a quarter million children as anything less than devastating would be selling the fallout short.

After Lurie shut down most of its internet-connected equipment on Jan. 31, the assessment and recovery process from the breach began in earnest. Weeks passed before the hospital was able to restore its phones, email access or electronic health records. Lurie didn’t begin reactivating its Epic MyChart patient portal until early mid-March, and the restoration of patient data is still ongoing.

The consequences of cyberattacks on hospitals can be dire. When networks are shut down, physicians and support staff are cut off from critical tools and patients are at risk of suffering severe complications, and even death. Healthcare organizations are often targeted by ransomware attacks explicitly because of the sensitivity and importance of the data they handle. Bad actors know these organizations will typically pay a ransom in order to keep networks online and protect their data, and their efforts are only likely to gain momentum, and cause more loss and lethality, over time. What recourse do healthcare providers have?

A healthy approach to data and systems protection
Consider what we know about the optimization of the human body and the importance of routine health maintenance and daily care in keeping those biological systems online and operating at full capacity. You know the drill: brush three times a day, pop a multivitamin, cut back on red meat, take a walk around the block at lunch, get your rest. No one knows this stuff as well as physicians. So hospitals and other healthcare providers would do well to take a page from their own playbooks when approaching data and information systems protection.

That begins with cyber hygiene. Healthcare organizations should establish a daily (and, in some cases, more frequent) cyber routine to keep their systems and data “healthy.” Just as you and I are advised to get our exercise, eat more vegetables and generally adopt strong wellness habits, every organization that handles sensitive information should take appropriate steps to protect the integrity of their systems and security of their data.

You Must Be Logged In To Post A Comment