The Ann & Robert H. Lurie Children’s Hospital of Chicago was recently hit by a highly advanced ransomware attack, underlining the persistent risk of cybercrime that looms over the healthcare industry.
Lurie Children’s, a leading pediatric hospital in the US and a Level I Pediatric Trauma Center in Illinois, was unable to use electronic medical records and had to rely solely on pen-and-paper documentation.
Orchestrated by the Rhysida ransomware-as-a-service group, this incident underscores the critical need for vigilance against seemingly minor errors, such as typos, that can lead to the installation of malicious packages from repositories like PyPI (Python Package Index).
The Attack on Lurie Children’s Hospital
Earlier this month, Lurie Children’s Hospital was forced to take its entire network offline due to a “cybersecurity matter,” later identified as a ransomware attack.
The Rhysida group, known for its disruptive activities across the U.S. healthcare system, has claimed responsibility. This group has a notorious history, having previously targeted 16 hospitals nationwide.
Lurie Children’s Hospital, a prominent pediatric healthcare organization in the Midwest, serves approximately 239,000 children annually. Despite the cyberattack, the hospital has remained operational, albeit with some disruptions to appointments and elective surgeries.
The hospital’s MyChart electronic records system remains down, and manual processes have been implemented, leading to longer wait times for prescription requests.
The ransomware group is attempting to extort the hospital for 60 bitcoins, equivalent to just over $3.4 million, in exchange for the stolen data.
This data breach has potentially exposed sensitive information, including Social Security numbers, full names, dates of birth, addresses, and medical and health insurance information.
Rhysida Ransomware-as-a-Service Group
The Rhysida group operates as a ransomware-as-a-service (RaaS), leasing out ransomware tools and infrastructure in a profit-sharing model.
This approach has allowed them to target various sectors, including education, healthcare, manufacturing, information technology, and government.
The group’s ransomware encrypts data using a 4096-bit RSA key together with the ChaCha20 algorithm, making it particularly challenging to recover affected files without the decryption key.
Implications and Warnings
The U.S. Department of Health and Human Services issued a warning last August about the increasing attacks by the Rhysida group on the healthcare sector.
This incident at Lurie Children’s Hospital is a stark reminder of the vulnerabilities present in the healthcare industry and the devastating impact of ransomware attacks.
The ransomware attack on Lurie Children’s Hospital by the Rhysida group is a critical wake-up call for healthcare organizations and other sectors to bolster their cybersecurity measures.
It highlights the importance of being cautious of minor errors, such as typos, that can lead to the installation of malicious packages, potentially compromising sensitive data and disrupting essential services.
As cybercriminals evolve their tactics, the need for robust cybersecurity defenses has never been more urgent.