Rhysida ransomware wants $3.6 million for children’s stolen data – Source: www.bleepingcomputer.com

The Rhysida ransomware gang has claimed the cyberattack on Lurie Children’s Hospital in Chicago at the start of the month.

Lurie is a leading pediatric acute care institution in the U.S. that provides care to over 200,000 children annually.

The cyberattack forced the healthcare provider to take its IT systems offline and postpone medical care in some cases.

Email, phone, access to MyChart, and on-premises internet were all impacted.

Ultrasound and CT scan results were rendered unavailable, patient service prioritization systems were taken down, and doctors were forced to switch to pen and paper for prescriptions.

Today, the Rhysida ransomware gang has listed Lurie Children’s on its extortion portal on the dark web, claiming to have stolen 600 GB of data from the hospital.

Rhysida ransomware now offers to sell the stolen data for 60 BTC ($3,700,000) to a single buyer.

The deadline was set to seven days, after which the data will either be sold to multiple threat actors at a lower price or leaked for free on Rhysida’s platform.

Lurie Children’s still impaired

As per the latest status update from Lurie Children’s on February 22, 2024, effort to restore the IT system is ongoing, and service disruptions still impact some operational segments.

Parents are advised to bring a print of their insurance card to their appointments along with their children’s medication bottles, as the health records system that logs this data is apparently still offline.

MyChart remains unavailable, and wait times are longer than usual as prescription preparation is still done by hand.

Some procedures and appointments may be canceled and rescheduled as things are moved around to accommodate urgent care cases.

As the payment systems are also impacted, the timeframe for covering medical bills has been extended for as long as the outage lasts. Also, the hospital currently does not charge no-show fees for appointments.

The Rhysida ransomware gang has had a misstep recently when Korean researchers published the full details of a flaw in their encryptor which could be leveraged for decrypting files without paying a ransom.

Judging from the lengthy disruption at Lurie Children’s, the decryptor that law enforcement used for many months privately may not work in the threat group’s most recent attacks.

Furthermore, should Rhysida’s claims of data exfiltration prove accurate, it means that the sensitive medical information of a large number of children has been irreversibly compromised by cybercriminals.