What to know in the wake of cyberattack on children’s hospital

Last week, Lurie Children’s Hospital in Chicago revealed details about a recent cyberattack that left them without access to phone lines, email accounts, and other online communications.

After confirming that the cyberattack was instigated “by a known criminal threat actor,” hospital officials said they were working with the FBI to determine how the hack happened and get the institution back to normal operations. 

But since Lurie Children’s Hospital kept details of the cyberattack under wraps for nine days—and admitted that the first step of their incident response plan was to disconnect and isolate all communications systems—cybersecurity experts believe the scope of the impact could be vast.  

Physician leaders emphasized that medical operations at Lurie Children’s Hospital were still functioning like normal. But as the hospital enters the third week of disruptions, the incident underscores the vulnerability of healthcare organizations to cyberthreats. 

As of the time of writing, phone calls to Lurie Children’s Hospital are being re-routed to an external call center. Patients cannot access electronic medical records or lab results. Providers are struggling to schedule appointments and make critical care decisions. And no one knows whether protected health information has been leaked on the dark web.  

How was Lurie Children’s Hospital attacked?

So far, the specifics of the attack are unknown. But cybersecurity experts assume it came via a ransomware attempt. Defined as a type of malicious software designed to encrypt files and demand payment in exchange for their release, ransomware has devastated many North American healthcare organizations in recent years. In fact, the FBI received more reports of ransomware attacks on the healthcare sector in 2022 than any other critical infrastructure industry. Moreover, in 2023, ransomware payments hit a record $1.1 billion, highlighting the increasing rate and financial impact of these attacks.

Why are hackers targeting healthcare organizations?

Because they have come to view such institutions as easy targets. Hospitals manage hundreds of thousands of sensitive patient records and are more likely to fork over ransom payments to shield them while trying to keep essential services running.

Since so many high–profile hacks have targeted the healthcare industry in recent years, cybersecurity professionals believe the industry faces a critical juncture in its ongoing battle. Lurie Children’s Hospital has assured patients and their families that they are prioritizing the confidentiality and integrity of medical information. But many worry that it’s already too late to prevent unauthorized access or disclosure.

What can healthcare organizations do to protect themselves? 

In light of this cyberattack, IT providers like CMIT Solutions are urging businesses in the healthcare industry to reevaluate their cybersecurity measures and bolster their defenses. This includes proactive system monitoring, advanced threat detection technologies, reliable data backup, enhanced employee training, and much more.

Below, we dive into the details of these critical tools and how they can protect businesses in the healthcare sector and other industries:

• Implement multi-layered cybersecurity measures. These range from broad-based security for all systems to specific protections for electronic medical records and medical scheduling. At CMIT Solutions, we recommend a diverse approach that includes advanced firewalls, intrusion detection systems, and endpoint encryption for every device. It’s also critical to regularly update and patch software and systems and to mitigate the risk of exploitation.
  
• Conduct regular security audits, risk assessments, and incident response reviews. Working with a trusted IT partner, companies operating in every sector should undertake comprehensive cybersecurity audits to identify potential vulnerabilities and weaknesses in your organization’s infrastructure. Risk assessments can outline the potential impact of cyberthreats, while simulated incident response protocols can help employees know what actions to take to protect information in the event of a problem.
  
• Provide ongoing employee education and training. If the Lurie Children’s Hospital attack is traced back to ransomware, cybersecurity experts will likely point to human error as the cause of the infection. When employees know how to spot phishing attempts, strengthen passwords, and follow cybersecurity protocols, the chances of negative impacts decrease. Healthcare businesses should also implement clear policies and procedures for the secure handling of sensitive data.
  
• Back up critical information regularly. Many cybersecurity experts speculate that Lurie Children’s Hospital either did not have sufficient data backups in place—or housed them on devices connected to their main network, allowing them to be infected when the ransomware struck. If data is backed up regularly, remotely, and redundantly (i.e., stored in multiple on-site and off-site locations), businesses can quickly bounce back from ransomware attacks by wiping affected systems clean and rebooting from a recent backup.
  
• Establish incident response plans. It’s also important to have procedures and protocols in place in the event of an attack. These response plans involve testing backup systems to verify data integrity and restoration capabilities, conducting regular simulation exercises to understand the effectiveness of such responses, and identifying areas of improvement before a real attack strikes.
  
• Maintain regulatory compliance. Any business operating in the healthcare industry is required to comply with relevant regulations and standards like HIPAA (the Health Insurance Portability and Accountability Act). More importantly, any HIPAA violation can lead to civil and criminal penalties, substantial monetary fines, and reputational impacts that are difficult to recover from.
  
• Work with a trusted expert in your community. Not sure how to wrap your head around the long list of recommendations outlined above? Established IT service providers like CMIT Solutions can help to understand emerging threats, promote threat intelligence, implement cybersecurity best practices, and respond when incidents occur. Most importantly, a fellow business owner rooted in your local community will understand the need to solve short-term problems while positioning your company to make sound financial investments that lead to long-term success.

The recent cyberattack on Lurie Children’s Hospital serves as a stark reminder of the dangers facing healthcare organizations. And fear and uncertainty about the digital landscape can leave many businesses vulnerable to digital risk.

At CMIT Solutions, we work hard to protect data, secure networks, and empower employees. As a large North American system with more than 25 years of experience and 250-plus offices across the United States and Canada, we deliver threat protection and trusted advice to every client.

Whether you’re a large healthcare system looking for operational stability or a small office that needs to upgrade its computer systems, CMIT Solutions can help. Contact us today to prevent ransomware and ensure a safer future for your business.