Fraud Management & Cybercrime , Ransomware

EHRs Back at Kids' Hospital But Patient Portal Still Offline

Also: Ransomware Group Rhysida Says It Sold Data Stolen in the Attack
EHRs Back at Kids' Hospital But Patient Portal Still Offline
Image: Ann & Robert H. Lurie Children's Hospital

A Chicago children's hospital has finally restored access to its electronic health records systems following a cyberattack detected in late January. But the pediatrics hospital is still working to bring its MyChart patient portal and various other systems back online.

See Also: Live Webinar | Crack Australia’s Code on Ransomware: Empowering Your Last Line of Defence

In the meantime, the ransomware group Rhysida reportedly said it sold this week on the dark web data stolen in the attack on Ann & Robert H. Lurie Children's Hospital of Chicago.

The ransomware group first listed the data for sale about a week ago for 60 bitcoins, or about $3.4 million (see: Rhysida Offers to Sell Children's Hospital Data for $3.4M).

Lurie Children's, which cares for more than 220,000 patients a year, said in a Wednesday update on the cyberattack that it recently reactivated its Epic EHR platform and other key systems, but MyChart is currently still unavailable.

"Our teams continue working around the clock to reactivate all remaining systems, including MyChart, as quickly as possible," Lurie Children's said.

"As an academic medical center, our systems are highly complex and, as a result, the restoration process takes time. Working closely with our internal and external experts, we are following a careful process as we work towards full restoration of our systems, which includes verifying and testing each system before we bring them back online."

Lurie Children's MyChart, like many patient portals, supports functions such as emailing doctors, accessing test results, requesting prescription refills, making and managing appointments, receiving estimates for out-of-pocket costs for services, streamlining patient check-in, and paying bills.

"We recognize the concern and inconvenience this may cause and are working diligently to resolve this matter as quickly and effectively as possible," Lurie Children's said.

Patient Portal Considerations

Some experts said the slower recovery of Lurie Children's patient portal underscores some of the challenges healthcare entities face when restoring critical IT systems after an attack.

"When restoring systems post-attack, organizations generally will follow their business continuity plan and bring the systems with highest importance to their mission up first," said Kate Pierce, senior virtual information security officer at security firm Fortified Health Security.

"Once the basic infrastructure is restored, generally the EHR will be one of the first systems back online, with other critical systems following in a preplanned order," said Pierce, a former longtime CIO and CISO at North Country Hospital, a 25-bed community hospital in Vermont.

During a systemwide outage, staff most likely record patient health updates on paper. The information in the patient portal is populated from information in the EHR, which typically requires manual entry and validation once the EHR is restored. "Therefore, it is not surprising to see the patient portal lag in reopening to the patients until a period of time after EHR restoration."

A cyberattack is a highly stressful event for both staff and patients, especially when there is an extended outage, Pierce said. "It is important to understand that staff also have the added responsibility of now transitioning back from paper to electronic records. When the portal is released to the patients, this could generate a high number of messages, prescription requests, and other information from patients."

Organizations need to be sure they are able to provide a unified, accurate and timely response to the questions and concerns to ensure they are retaining patient trust and rebuilding confidence in the entity, she said.

Lurie Children's did not immediately respond to Information Security Media Group's request for comment about its latest developments.

In a statement last week, Lurie Children's confirmed it was aware of the dark web claims by Rhysida, but the hospital declined to share details.

The Rhysida ransomware-as-a-service group first appeared in the spring of 2023 and was the subject of an alert by the Department of Health and Human Services to the healthcare sector last August amid several attacks on hospitals and healthcare systems (see: Authorities Warn Health Sector of Attacks by Rhysida Group).

Other Attacks

The attack on Lurie Children's is one of the latest disruptive hacking incidents affecting hospitals and other healthcare providers. But over the last two weeks, those incidents largely have been overshadowed by an apparent BlackCat/Alphv ransomware attack on Change Healthcare, the IT services unit of Optum, a subsidiary of UnitedHealth Group.

More than 100 critical Change Healthcare IT applications and services have been taken offline as the company recovers from the attack, affecting the ability of scores of healthcare sector entities - including physician practices, hospitals, and pharmacies - to process claims, fill prescriptions, and conduct many other vital business and clinical activities (see: The Next Big Bombs to Drop in the Change Healthcare Fiasco).


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.