LockBit Ransomware Gang Claims Responsibility for Attack on Saint Anthony Hospital
The LockBit ransomware gang has added Chicago’s Saint Anthony Hospital to its data leak site and is demanding a ransom payment of almost $900,000 from the nonprofit hospital to prevent the release of the stolen data. Earlier this week, Saint Anthony Hospital confirmed that it was still investigating the attack, which was detected on December 18, 2023. Saint Anthony Hospital took immediate action to secure its network to prevent further unauthorized access and an investigation was launched to determine the nature and scope of the unauthorized activity. The prompt action taken by the hospital in response to the attack allowed care to continue to be provided to patients without disruption.
The investigation confirmed on January 7, 2024, that an unknown, unauthorized third party had copied files from its network on December 18, 2023, which contained patient information. Those files are being reviewed to determine the number of patients affected and the types of information involved, and that process is ongoing. At this stage, Saint Anthony Hospital is unable to say how many individuals have been affected and the specific types of data involved. Individual notification letters will be mailed to the affected individuals when that process is completed.
While the theft of patient data has been confirmed, the forensic investigation did not find any evidence that its electronic medical record database or financial systems as a whole were compromised. Saint Anthony Hospital said that as part of its commitment to data privacy, existing data security policies and procedures are being reviewed and will be updated as appropriate to better protect patient data in the future. The incident has been reported to the Federal Bureau of Investigation, Department of Health and Human Services, and other regulators. Since some patient data has been stolen, patients have been advised to remain vigilant against incidents of identity theft and should review their account and explanations of benefits statements for unusual activity, and report any suspicious activity to their insurance company, health care provider, or financial institution.
Since the notification was issued, the LockBit ransomware group added Saint Anthony Hospital to its data leak site. The LockBit group has previously claimed that it prohibits affiliates from attacking hospitals. Last year, an affiliate conducted an attack on Toronto’s Hospital for Sick Children (SickKids), which was promptly followed by an apology from the group. A free decryptor was issued to allow the hospital to recover its files, and the group claimed that the affiliate behind the attack had been kicked out of its program for violating its operating rules. The latest attack suggests its policy of not attacking hospitals has been canceled. In the listing on its data leak site, the LockBit group claimed that “Always US hospitals put their greedy interest over those of their patients and clients,” apparently oblivious to the fact that Saint Anthony Hospital is a nonprofit healthcare provider.
Saint Anthony Hospital has indicated the ransom will not be paid. “As a vital safety-net hospital to the people in the communities we serve, we are dedicated to using our resources to care for our community’s most vulnerable and not to rewarding the illegal actions of bad actors,” said CIO Jeff Eilers.