Lurie Children’s Hospital of Chicago announced that it was the victim of a cyberattack that caused the healthcare provider to take its systems offline on January 31.
In a statement on its website, Lurie confirmed that its network was accessed by a known criminal threat actor. The hospital is working with outside and internal experts and in collaboration with law enforcement, including the FBI. It is an active and ongoing investigation, and due to the complexity of its systems, the medical center expects it to take time to resolve.
Lurie Children’s will remain open and provide care to patients with as few disruptions as possible. Lurie assured patients it has contingency plans to continue providing safe, reliable care during system outages and has been operating in downtime procedures.
They will continue to accept and care for patients, including emergency care, inpatient care, surgical procedures, and ambulatory visits.
While the investigation into the Lurie cyberattack is underway, phone, email, and electronic systems will remain offline. As part of Lurie Children’s standard incident response procedures, it intentionally limited its email system so it cannot send or receive emails from non-Lurie Children’s email addresses. They also prevented outbound internet traffic and took the electronic health record offline.
Lurie cannot receive external phone calls except for calls to its call center. The facility has been able to refill prescriptions, discuss appointments, and connect patients with their care providers through the call center.
“We recognize the frustration and concern this situation creates for all those impacted,” the company said in a statement. “We are so grateful to our Lurie Children’s community for the outpouring of support. We are especially inspired by our workforce and their resilience and commitment to our mission. We will continue to share our updates as they become available.”