Lurie Children’s Hospital officials announced Wednesday that some of their communication systems have been restored after a recent cyberattack forced the provider to take its network offline for the past two weeks.
The hospital said email to external addresses and “a majority of” its phone lines were back up and running. But the patient family portal MyChart remained offline and a hospital call center “continues to be the best way for patient-families to reach providers and service lines,” according to a hospital statement.
“Due to high call volumes, if you receive a busy signal, please try calling us back,” the statement said.
The hospital has continued treating patients amid the network outage, which began on Jan. 31 and has included phone, email, the electronic medical records system and MyChart.
Patients with upcoming procedures and appointments should arrive as scheduled unless their provider contacts them directly, the statement said.
Last week, hospital officials said during a news conference that their network had been accessed by “a known criminal threat actor,” which required the health care provider to take its electronic systems offline.
Lurie did not provide any other details about the criminal actor or when its systems would be fully restored.
The FBI has confirmed to the Chicago Tribune that the agency has been aiding in investigating the cyberattack.
Cybersecurity experts caution that hospitals across the nation are at risk for attacks like the one at Lurie, The Associated Press has reported. Hospitals have recently shifted their use of online technology to support everything from telehealth to medical devices to patient records, and medical providers have become an enticing target for these kinds of attacks.
“Unfortunately, the unintended consequence of the use of all this network and internet-connected technology is it expanded our digital attack surface,” said John Riggi, the American Hospital Association’s cybersecurity adviser. “So, many more opportunities for bad guys to penetrate our networks.”
Health care providers in the United States faced a 93% spike in large breaches from 2018 to 2022, an increase from 369 incidents to 712 during that time; they also were hit with a 278% surge in large breaches involving ransomware during that period, according to a health care cybersecurity report the U.S. Department of Health and Human Services released in December.
“The health care sector is particularly vulnerable to cybersecurity risks and the stakes for patient care and safety are particularly high,” the report said. “Health care facilities are attractive targets for cybercriminals in light of their size, technological dependence, sensitive data and unique vulnerability to disruptions.”
The Associated Press contributed.