A criminal actor is to blame for a dayslong cyberattack on a Chicago hospital, officials say

CHICAGO– A major children’s hospital in Chicago continues to be plagued by a cyberattack that began more than a week ago, leaving doctors and nurses without access to digital patient records and limiting parents’ ability to communicate with their children’s caregivers.

Officials at Lurie Children’s Hospital said Thursday that they are still cooperating with the FBI and other law enforcement, but told reporters that a “known criminal threat actor” had gained access to the hospital’s network.

The hospital shut down its own phone, email and medical records systems after the breach was discovered on Jan. 31, officials said.

“We are taking this matter very seriously and have been working closely with external and internal experts around the clock and in collaboration with law enforcement agencies, including the FBI,” said Dr. Marcelo Malakooti, ​​Lurie’s Chief Medical Officer. “This is an active and ongoing investigation.”

The situation at Lurie Children’s Hospital had all the hallmarks of a ransomware attack, although hospital officials have neither confirmed nor denied the cause. Such extortion attacks are popular among ransomware gangs who seek financial gain by locking data, documents or other critical information and then demanding money to return it to the owner.

Allan Liska, an analyst at cybersecurity firm Recorded Future, said victims are often advised not to name specific criminal groups, but said the description Lurie officials provided Thursday suggests it is an operation well known to U.S. law enforcement.

“Even though we all know that most hospitals, with a few exceptions, don’t have extra money to pay a large ransom, they are much more aggressive than they used to be when going after healthcare providers,” Liska said of ransomware gangs’ strategies .

An FBI representative in Chicago declined to provide further information about the hospital’s comments and referred The Associated Press to a statement released Wednesday confirming an ongoing investigation.

The U.S. Department of Health and Human Services warned in a report last year that healthcare providers are increasingly being targeted by criminals, delaying or disrupting care for patients across the country.

But schools, courts, utilities and government agencies have all been exposed.

Lurie has recommended that patients use a call center, saying it can help people refill prescriptions, schedule appointments and reach healthcare providers.

“We recognize the frustration and concern that the situation is creating for all those affected,” Malakooti said on Thursday. “We are so grateful to this community for the outpouring of support, and we are especially inspired by our staff and their resilience in their commitment to our mission.”

But some parents have reported that the center is not meeting their needs, leaving families unsure when they will get answers.

Brett Callow, a threat analyst at cybersecurity firm Emsisoft, said it could take weeks for a hospital to restore normal operations after a cyberattack, with critical systems prioritized first.

Lurie Children’s latest annual report states that its staff treated approximately 260,000 patients last year. Pediatric practices in the Chicago area that work with the hospital have also reported that they are unable to access digital medical records because of the attack.