UPDATE: May 21, 2024: Lurie Children’s Hospital has recovered from a cyberattack it first reported in late January, the Chicago-based provider said Monday.
Patient-facing systems are now reactivated, but the MyChart patient portal may have some incomplete information. The hospital is still working to update the portal with details collected while the system was down.
UPDATE: March 15, 2024: Lurie Children’s Hospital is reactivating its MyChart patient portal, more than six weeks after the Chicago-based provider was hit by a cyberattack.
Over the coming days, online scheduling, e-check in, messaging with providers, medication refill requests and bill pay will come back online, the hospital said Thursday.
“We do not have an estimate when this work will be complete, and we will provide updates as this process progresses,” Lurie said in a statement.
UPDATE: March 5, 2024: Lurie Children’s Hospital has restored its Epic electronic health record more than a month after a cyberattack forced the Chicago-based provider to take down its network systems.
Lurie also fully repaired its phone system, but its MyChart patient portal is still offline.
UPDATE: Feb. 15, 2024: Lurie Children's Hospital has restored external and outbound email capabilities, along with most of its phone lines, after taking its network down last month following a cyberattack. The hospital's patient portal MyChart is still offline, according to a Wednesday update. Lurie is directing patients to contact providers through its call center.
UPDATE: Feb. 9, 2024: Lurie Children’s Hospital confirmed Thursday its network had been accessed by a “known criminal threat actor,” more than a week after the Chicago-based provider was forced to take its computer systems offline.
Lurie shut down its phone, email, electronic health record system and MyChart patient portal on Jan. 31 to protect its data. The hospital has been working with law enforcement, including the FBI.
Dive Brief:
- A Chicago children’s hospital has been without computer system access for over a week following a “cybersecurity matter.”
- Phone, email and electronic systems at Lurie Children’s Hospital are still offline, the pediatric provider reported on Monday. The hospital had initially reported the network outage on Jan. 31.
- The incident comes as the healthcare sector faces increased threats of cyberattacks. Federal regulators have pushed for the industry to boost its protections to safeguard patient care and privacy.
Dive Insight:
In response to the cybersecurity incident, Lurie has intentionally limited its email system to stop receiving or sending external messages, prevented outbound internet traffic and taken its electronic health record system offline.
The nonprofit hospital also can’t receive external calls, except to a call center set up to assist patients and families as the provider works to restore its network.
But Lurie — which provides care for more than 239,000 children each year — is still accepting patients, and has been operating under “downtime procedures” to continue providing care during system outages, the hospital said.
“Please understand this process takes time,” Lurie wrote on its website. The hospital said it has teams of internal and external experts responding to the incident and is collaborating with law enforcement.
The hospital didn’t specify the type of cybersecurity incident that occurred, but other healthcare providers have been forced to take systems offline due to cyberattacks — sometimes taking weeks to fully restore operations.
Ardent Health Services, which runs about 30 hospitals across six states, learned of a ransomware attack on Thanksgiving, suspended access to its IT systems and diverted emergency care to nearby facilities.
Ransomware, in which cybercriminals deny access to a victim’s data and demand payment in return for restored access, poses a critical threat to the healthcare sector, as these attacks can delay or degrade a provider’s ability to offer services.
Ardent was able to restore access to its EHR in early December, and resumed non-emergent surgeries later that month. It took about six weeks before the operator could fully fix its MyChart patient portal.
Recent ransomware attacks against CommonSpirit Health and Prospect Medical Holdings also took weeks to resolve.
Cyberattacks and data breaches are also costly for providers to manage. Another Illinois hospital, St. Margaret’s Health, closed its doors over the summer, citing a ransomware attack as one factor behind its closure.