In a recent announcement, Lurie Children’s Hospital of Chicago revealed that it has been confronting the repercussions of a cybersecurity breach that unfolded earlier this year. The organization has emphasized its commitment to both patient care and the safeguarding of sensitive information throughout this challenging period.
"Our priority has always been the care and safety of our patients," said a spokesperson from Lurie Children’s. This statement underlines the hospital’s efforts to manage the incident while keeping its operations uninterrupted.
"Our priority has always been the care and safety of our patients,"
The incident was traced back between January 26 and 31, 2024. On January 31, Lurie Children’s took decisive action to secure its systems, temporarily taking offline electronic assets, including email accounts, telephone services, and parts of its electronic health record system (Epic) alongside the patient portal (MyChart).The hospital also activated its standard incident response protocols, known as the Hospital Incident Command Structure (HICS).
“We have retained leading cybersecurity experts and legal counsel to assist in this matter,” the hospital representative noted. They also highlighted that the organization coordinated closely with law enforcement to comprehensively address the attack’s implications.
By the Numbers
Determining the full extent of the breach has proven challenging due to the complexity of the incident. Lurie Children's undertook thorough reviews of the data that may have been affected. According to their findings, the breach potentially involved various pieces of personal information, including names, addresses, dates of birth, social security numbers, medical condition information, and health claims data.
By the Numbers
“We have no indication that the cybercriminals accessed data stored in our electronic health record system (Epic),” clarified the spokesperson. However, they acknowledged that specific details that reside within other Lurie Children’s systems were compromised, prompting a continued investigation into the impact.
Impact and Legacy
In keeping with their commitment to transparency, Lurie Children’s has begun notifying those affected by the breach. Notification letters are being sent directly to individuals whose information was impacted. "Our material will identify resources to help protect their identity,” said the representative, emphasising the hospital’s approach to mitigate potential risks for those affected.
Additionally, Lurie Children’s is providing complimentary access to Experian IdentityWorks℠ for a period of 24 months. This service aims to assist in the protection of individuals’ personal information. "We want to ensure that our patients and families receive the necessary support during this time," said the spokesperson.
"We want to ensure that our patients and families receive the necessary support during this time,"
As a global hospital, Lurie Children’s extends its assurance that individuals located outside the United States may also access these protective services, depending on their availability in respective countries.
The hospital encourages best practices for everyone in safeguarding their information and advises vigilance in reviewing account statements and monitoring for unusual activity.
"It’s imperative to stay informed and protective of one’s personal data, especially during such incidents,” the hospital concluded.
Lurie Children’s Hospital is expected to continue its investigation while upholding its operational functions, signifying its resilience in ensuring patient safety and data privacy amidst a turbulent situation. As they navigate through this cybersecurity challenge, their proactive measures serve as a reminder of the ongoing cyber threats many organizations face today.