Ransomware gang demanding $3.6 million for stolen medical data

The Rhysida ransomware gang has taken responsibility for the ransomware attack on Lurie Children's Hospital in Chicago that happened early February. This comes after the group posted what it says is 6TB of sensitive medical data on its extortion portal on the dark web.

Rhysida is demanding 60 BTC, approximately $3.6 million, to any willing buyer with a promise not to resell the data to any other party.

However, the offer is only valid for 7 days after which we can only speculate what the group will do with the stolen data.

Lurie is a renowned paediatric acute care institution in the U.S. that serves over 2,000 children annually which would explain the reason for the high price tag for the data.

The hospital announced that it had suffered an attack on 1st February forcing it to take IT systems offline which consequently disrupted normal operations at the facility.

Email and phones stopped working and access to MyChart and hospital internet was affected. Ultrasound and CT scan results could not be accessed and doctors resorted to using pen and paper for drug prescriptions.

Despite efforts to restore normalcy, Lurie Children's continues to grapple with the aftermath of the attack. The cybercriminals seem to have used an updated version of their encryptor after Korean researchers had successfully cracked an earlier version allowing affected organisations to decrypt files for free.

Operational segments remain hampered, forcing parents to bring physical copies of insurance cards and medication bottles to appointments due to the offline health records system.

With MyChart still out of commission and manual prescription processes causing delays, patients face longer wait times and potential cancellations of procedures and appointments.

To alleviate financial strain, the hospital has extended payment deadlines and waived no-show fees until services are fully restored.