{ "id": "35782923-418b-488a-86f2-cd45e6a47473", "created_at": "2026-04-06T00:09:16.36026Z", "updated_at": "2026-04-10T03:26:47.144688Z", "deleted_at": null, "sha1_hash": "3ea81da38f9681a56f7a66a0451c19f8345c05fd", "title": "December cyberattack on Chicago community hospital claimed by LockBit gang", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 81612, "plain_text": "December cyberattack on Chicago community hospital claimed by\r\nLockBit gang\r\nBy Jonathan Greig\r\nPublished: 2024-01-31 · Archived: 2026-04-05 22:30:12 UTC\r\nEditor's note: Story updated 4 p.m. Jan. 31 with statement from Saint Anthony Hospital.\r\nA recently announced cyberattack on a large community hospital in Chicago was claimed by the LockBit\r\nransomware gang.\r\nSaint Anthony Hospital on the city’s west side acknowledged the incident in a statement on Monday and said the\r\nattack was first discovered on December 18.\r\nOn Tuesday evening, the LockBit ransomware gang posted the hospital to its leak site, giving it two days to pay a\r\nnearly $900,000 ransom. This is the second attack on a hospital that the ransomware group has claimed in January,\r\ntaking credit for an incident in November where multiple facilities in New Jersey and Pennsylvania had to cancel\r\nappointments and operate without patient files.\r\nIn a statement to Recorded Future News, the hospital said it took actions to \"ensure that patient care was not\r\ndisrupted.\"\r\nWhen asked whether a ransom would be paid, Chief Information Officer Jeff Eilers said hospital leaders \"are\r\ndedicated to using our resources to care for our community’s most vulnerable and not to rewarding the illegal\r\nactions of bad actors.\"\r\nThe hospital's \"prompt action and response to this event allowed us to continue providing patient care without\r\ndisruption,\" Eilers said.\r\nIn the notice, the organization said that on January 7, administrators “determined that files containing patient\r\ninformation had been copied from the network by an unknown actor.”\r\n“Though specific types of information impacted are unknown, there has been no indication that the hospital’s\r\nElectronic Medical Record (EMR) database or financial systems as a whole were compromised,” the hospital said.\r\n“Once this review is complete, we will continue to work as quickly as possible to mail a notification letter directly\r\nto potentially impacted patients, which will include access to free credit monitoring and identity protection\r\nservices.”\r\nSaint Anthony Hospital reported the incident to the FBI, the U.S. Department of Health and Human Services and\r\nother regulators, according to the statement. The hospital says it saw more than 340,000 patients in 2021 and\r\n2022.\r\nhttps://therecord.media/ransomware-saint-anthony-hospital-chicago\r\nPage 1 of 3\n\nThe LockBit posting comes the same week that the gang faced internal turmoil for allegedly refusing to pay an\r\naffiliate — one of the independent hackers who launch attacks using LockBit’s malware. One of the group’s\r\nleaders was reportedly banned from a popular cybercriminal forum for their refusal to pay.\r\nWhile the group has in the past claimed to have rules prohibiting attacks on hospitals, LockBit members continued\r\ntheir streak of targeting healthcare facilities. The gang caused outrage after launching an attack against Toronto’s\r\nHospital for Sick Children, Canada's largest pediatric health center, during the 2022 Christmas season.\r\nSince then they have attacked multiple hospitals and healthcare facilities in the U.S. and abroad.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/ransomware-saint-anthony-hospital-chicago\r\nPage 2 of 3\n\nJonathan Greig\r\nis a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since\r\n2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.\r\nHe previously covered cybersecurity at ZDNet and TechRepublic.\r\nSource: https://therecord.media/ransomware-saint-anthony-hospital-chicago\r\nhttps://therecord.media/ransomware-saint-anthony-hospital-chicago\r\nPage 3 of 3", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://therecord.media/ransomware-saint-anthony-hospital-chicago" ], "report_names": [ "ransomware-saint-anthony-hospital-chicago" ], "threat_actors": [ { "id": "0fc739cf-0b82-48bf-9f7d-398a200b59b5", "created_at": "2022-10-25T16:07:23.797925Z", "updated_at": "2026-04-10T02:00:04.752608Z", "deleted_at": null, "main_name": "LockBit Gang", "aliases": [ "Bitwise Spider", "Operation Cronos" ], "source_name": "ETDA:LockBit Gang", "tools": [ "3AM", "ABCD Ransomware", "CrackMapExec", "EmPyre", "EmpireProject", "LockBit", "LockBit Black", "Mimikatz", "PowerShell Empire", "PsExec", "Syrphid" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434156, "ts_updated_at": 1775791607, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/3ea81da38f9681a56f7a66a0451c19f8345c05fd.pdf", "text": "https://archive.orkl.eu/3ea81da38f9681a56f7a66a0451c19f8345c05fd.txt", "img": "https://archive.orkl.eu/3ea81da38f9681a56f7a66a0451c19f8345c05fd.jpg" } }