On Wednesday, January 31, based on evidence of suspicious activity and consistent with best practices, Lurie Children’s Health took their systems offline, including phone, e-mail, electronic medical records system, and MyChart, a patient family portal. They did this to protect the information of their patients, workforce and organization.
They can confirm that their network was accessed by a known criminal threat actor.
Related: HHS Releases Voluntary Cybersecurity Performance Goals
They have been working closely, around the clock, with outside and internal experts and in collaboration with law enforcement, including the FBI. This is an active and ongoing investigation. As an academic medical center, their systems are highly complex, and these incidents can take time to resolve.
Throughout this period, all Lurie Children’s locations have remained open, accepting and caring for patients with as few disruptions as possible.
They implemented their emergency preparedness plans, including downtime procedures throughout the organization.
Listeria Outbreak Infects 38, Kills 12 in Senior Care Facilities 
HCA Florida Healthcare Completes Purchase of Lehigh Regional Medical Center
Chemical-Dispensing Systems and Patient Health: A Closer Look
BayCare Opens Behavioral Health Urgent Care Center in Florida
EV Charging in Healthcare: Does the ROI Make Sense for the C-Suite?