A Chicago children’s hospital recently restored access to its electronic health records systems after a cyberattack in late January. The ransomware group Rhysida claimed to have sold data stolen in the attack on the dark web for $3.4 million. While the hospital has reactivated key systems, its patient portal, MyChart, remains offline as teams work to restore all remaining systems. Patient portals like MyChart are essential for tasks such as contacting doctors, accessing test results, and managing appointments.
The slower recovery of the patient portal at Lurie Children’s Hospital highlights the challenges healthcare entities face in restoring critical IT systems post-attack. Organizations typically prioritize bringing up systems with the highest importance to their mission first, such as the electronic health record (EHR) system. During an outage, staff may record patient updates on paper, which must be manually entered into the EHR once it is restored. The delay in reopening the patient portal is not uncommon following an attack.
Cyberattacks are stressful events for both staff and patients, especially when there is an extended outage. Staff must transition from paper to electronic records, which can result in a high volume of messages and requests from patients once the patient portal is reopened. Organizations must provide accurate and timely responses to maintain patient trust and rebuild confidence in the entity. Lurie Children’s did not respond to requests for comment on the latest developments.
The Rhysida ransomware group, which first appeared in 2023, has been linked to multiple attacks on hospitals and healthcare systems. The attack on Lurie Children’s is one of many recent hacking incidents affecting healthcare providers. Another recent ransomware attack targeting Change Healthcare, the IT services unit of Optum, has disrupted over 100 critical IT applications and services, impacting the ability of healthcare entities to process claims and conduct vital business activities. The healthcare sector continues to face significant cybersecurity challenges.