Chicago pediatric hospital Lurie Children’s has been forced to take its network offline in the face of a “cybersecurity matter” as experts warn of heightened threats against health systems across the country.
Late Thursday, Lurie Children’s Hospital, which uses Epic System’s electronic health record software, said it was “actively responding” to the issue and working with experts and law enforcement. While the Illinois hospital is still open, it preemptively disabled its phone, email and electronic medical system, disrupting scheduled surgeries and making it harder for patients’ families to reach doctors, CBSNews reported. The disruptions reportedly began Wednesday.
The news comes as regulators and experts sound the alarm on growing cybersecurity threats. Late last month the Department of Health and Human Services published voluntary cybersecurity goals for the health sector, after a 2023 report warned of “dramatic increases” in cyber attacks that “compromise US hospitals, disrupt operations and extort for financial gain.”
“Directly targeted ransomware attacks aimed to disrupt clinical operations are an outsized and growing cyber threat to hospitals,” the 2023 report said.
Lurie Children’s has not clarified whether the incident it faces is a cyber attack, and did not respond to multiple inquiries from STAT.
Data breaches in the health sector reached an all-time high last year, impacting as many as 116 million patients, largely due to an increase in hacking and IT incidents, STAT has reported. That’s more than double the number of people impacted the previous year.
Last year even topped 2015’s outlier record in which breaches at Anthem, Premier Blue Cross and Excellus exposed data from tens of millions of people, tipping the total number impacted to more than 112 million.
A few dozen health organizations, including clinics, health systems and insurers, have already reported breaches related to hacking or IT incidents to the federal government this year.
In late December, an “unknown actor” copied patient data from Chicago’s Saint Anthony Hospital network, the hospital said in a public notice last week. Saint Anthony is still investigating how many patients and what kind of information were impacted.
The threats aren’t limited to hospitals: This week FBI director Christopher Wray warned Congress that state-sponsored hackers are targeting U.S. infrastructure, including the power grid. Still, there’s no indication that Lurie’s incident is related to any such national security threat.