Watch CBS News
By
/ CBS Chicago
CHICAGO (CBS) — Frustrations were growing for families dealing with the network outage at Lurie Children’s Hospital.
It’s been nearly a week since a cybersecurity attack took all computers, internet, and phones offline, making access to care and critical information for some inaccessible.
In the last five days, some patients have been able to go to their scheduled appointments, and many were awaiting a call for when their children can return to get the care they need.
“Hospitals and pretty much everything we rely on nowadays depends on computers, and servers and cloud services. And those can be disrupted by cyberattacks, which means malware or attackers, cyber adversaries getting into the system and wreaking havoc,” said Robin Berthier, the co-founder of Network Perception.
The outage has crippled all access to computers, internet, and phones; causing cancellations of elective surgeries and procedures. The cyberattack on Lurie Children’s came less than two months after a similar attack at Saint Anthony Hospital on Chicago’s West Side. “The LockBit gang” reportedly took credit for the ransom attack online
Berthier says this attack is different because it is not on a traditional IT system.
“The life of people is actually at play,” he said.
Some patients have expressed their concern and frustration over social media. One mother said her son has been a regular at Lurie’s after an October eye injury.
While trying to schedule a new appointment, all communication was lost due to the cyberattack. No appointment was scheduled.
“There is a different concern around data leakage when it’s happening with healthcare data,” Berthier said.
The short-term goal is to get the critical systems back in operation.
“And then long-term to do an investigation, and invest in the right set of cybersecurity control to make sure it doesn’t happen again,” said Berthier.
Another expert told CBS 2 that companies should embrace new cybersecurity requirements proposed by the Biden administration. In December, the Department of Health and Human Services called for proposing new cybersecurity requirements for hospitals through Medicare and Medicaid. The federal government also called for publishing voluntary healthcare-specific cybersecurity performance goals and working with Congress to develop funding and incentives for domestic hospitals to improve cybersecurity.
Claire McGlave, a researcher and doctoral student at the University of Minnesota School of Public Health, is part of the first team to study the impact of cyberattacks on healthcare institutions. She said hospitals are prime targets for cybercriminals because they’re very motivated to get their services back online as quickly as possible.
McGlave said at the state level, New York, where regulators announced plans to issue cybersecurity regulations for hospitals in November, is a great model for Illinois. That is, as long as under-resourced hospitals are provided financial and administrative support to get the mandatory systems up and running.
“New York is definitely leading the charge as far as requirements for cybersecurity in hospitals, which is great, because I think we’ve learned that these attacks are happening, and they’re going to keep happening,” McGlave said. “And we need to make sure that patients have access to critical, you know, medical care.”
Law enforcement was working with the hospital and suggested not to pay the ransom if asked. The hospital set up a call center for patients with requests or questions about scheduled appointments and prescription refills: 1-800-KIDS-DOC (1-800-543-7362). The call center is available Monday through Friday, 8 a.m. to 8 p.m.; Saturday, 8 a.m. to 5 p.m.; and Sunday, 8 a.m. to 12 p.m.
CBS 2 also reached out to Northwestern Medicine, which said it is taking necessary precautions to prevent this from happening to its system.
First published on February 4, 2024 / 11:40 PM CST
© 2024 CBS Broadcasting Inc. All Rights Reserved.
©2024 CBS Broadcasting Inc. All Rights Reserved.