December cyberattack on Chicago community hospital claimed by LockBit gang

Editor's note: Story updated 4 p.m. Jan. 31 with statement from Saint Anthony Hospital.

A recently announced cyberattack on a large community hospital in Chicago was claimed by the LockBit ransomware gang.

Saint Anthony Hospital on the city’s west side acknowledged the incident in a statement on Monday and said the attack was first discovered on December 18.

On Tuesday evening, the LockBit ransomware gang posted the hospital to its leak site, giving it two days to pay a nearly $900,000 ransom. This is the second attack on a hospital that the ransomware group has claimed in January, taking credit for an incident in November where multiple facilities in New Jersey and Pennsylvania had to cancel appointments and operate without patient files.

In a statement to Recorded Future News, the hospital said it took actions to "ensure that patient care was not disrupted."

When asked whether a ransom would be paid, Chief Information Officer Jeff Eilers said hospital leaders "are dedicated to using our resources to care for our community’s most vulnerable and not to rewarding the illegal actions of bad actors."

The hospital's "prompt action and response to this event allowed us to continue providing patient care without disruption," Eilers said.

In the notice, the organization said that on January 7, administrators “determined that files containing patient information had been copied from the network by an unknown actor.”

“Though specific types of information impacted are unknown, there has been no indication that the hospital’s Electronic Medical Record (EMR) database or financial systems as a whole were compromised,” the hospital said.

“Once this review is complete, we will continue to work as quickly as possible to mail a notification letter directly to potentially impacted patients, which will include access to free credit monitoring and identity protection services.”

Saint Anthony Hospital reported the incident to the FBI, the U.S. Department of Health and Human Services and other regulators, according to the statement. The hospital says it saw more than 340,000 patients in 2021 and 2022.

The LockBit posting comes the same week that the gang faced internal turmoil for allegedly refusing to pay an affiliate — one of the independent hackers who launch attacks using LockBit’s malware. One of the group’s leaders was reportedly banned from a popular cybercriminal forum for their refusal to pay.

While the group has in the past claimed to have rules prohibiting attacks on hospitals, LockBit members continued their streak of targeting healthcare facilities. The gang caused outrage after launching an attack against Toronto’s Hospital for Sick Children, Canada's largest pediatric health center, during the 2022 Christmas season.

Since then they have attacked multiple hospitals and healthcare facilities in the U.S. and abroad.