CEO Letter to Community

To Our Lurie Children’s Community: 

Thank you for your continued support and patience as we have been working with internal and external experts, as well as law enforcement, to diligently investigate the cybersecurity attack that occurred earlier this year.  

As you may have read in the news, hospitals and health systems across the country are facing constantly increasing and evolving cybersecurity threats. While Lurie Children’s is not alone, we are incredibly upset that cybercriminals would attack a leading children’s hospital whose mission is to care for the most vulnerable children in our community. As CEO – but more importantly as a father and a pediatrician – my heart is heavy, and I sincerely regret that this attack occurred. 

Throughout our response to this attack, we have remained dedicated to the care and safety of our patients and the well-being of our team members.  

Today, we announced that through our ongoing investigation we have determined that information relating to certain individuals was copied from our systems by the cybercriminals. Importantly, we have no indication that the cybercriminals accessed data stored in our electronic health record system (Epic), although certain information stored in other Lurie Children’s systems was impacted 

At Lurie Children’s, we take seriously the privacy of our patients’ and team members’ sensitive information. Lurie Children’s did not pay a ransom. Experts have advised that making a payment to cybercriminals does not guarantee the deletion or retrieval of data that has been taken. Once our investigation team identified an amount of data that was impacted by the cybercriminals, we worked closely with law enforcement to retrieve that data.  Our investigation to-date has not identified the impacted data on the dark web or in the public sphere.   

We are now notifying patients, patient-families and team members whose information was impacted, including through mailing notification letters and other methods, so that they can take steps to help protect their information. We are also providing free resources to those individuals. More information is available on this website. 

As we look forward, we will continue to come together as a community and grow and learn from this difficult experience. We continue to work closely with leading cybersecurity experts to further enhance the security of our systems and the data provided to us. 

In the face of this challenge, I take comfort in knowing that we – as a community – are supportive of each other and Lurie Children’s 140-plus-year history of providing superior pediatric care, cutting-edge treatments and advanced research. 

To our patients and patient-families, caring for you remains our highest priority. Thank you for giving us the greatest privilege to care for your children.  

To our team members, we are extremely grateful for your hard work and dedication. Thank you for all that you have done and continue to do to provide superior care to our patients and to advance our CARE (Clinical care, Advocacy, Research and Education) mission. 

To our community, thank you for continuing to put your trust in Lurie Children’s. We will continue to do everything we can, every day, to continue to earn that trust.  

Sincerely,  

Thomas P. Shanley, MD  
President and Chief Executive Officer