Between January 17, 2025 and February 1, 2025, Loretto Hospital experienced a data breach involving unauthorized access to its computer network. The breach was caused by the ransomware group known as RansomHouse, which claimed responsibility for the incident on March 10, 2025, via the dark web network Tor. According to RansomHouse, approximately 1.5 terabytes (TB) of sensitive data were stolen from the hospital's systems.
During the breach, the ransomware group accessed and copied files stored on Loretto Hospital's network. Additionally, the hospital reported that some patient data entered into the electronic medical record system between the evening of February 2, 2025, and the afternoon of February 3, 2025, was not saved. Although Loretto Hospital worked diligently to restore and recover as much data as possible, some patient records may not have been fully recovered or recreated.
At this time, the hospital is still conducting a thorough review of the compromised files to determine exactly what information was exposed and to whom it relates. As a healthcare provider and employer, Loretto Hospital stores various types of sensitive information, including personally identifiable information (PII) such as names, addresses, Social Security numbers, and dates of birth, as well as protected health information (PHI) such as medical records, diagnoses, treatments, and insurance details. However, the specific types of information exposed in this breach have not yet been confirmed.
Upon discovering the breach, Loretto Hospital quickly initiated an investigation into the suspicious network activity. The hospital is actively working with cybersecurity experts to assess the security of its network and to implement enhanced protective measures. In addition, Loretto Hospital has notified federal law enforcement authorities and will inform relevant regulators as required by law.
To assist individuals potentially affected by this incident, Loretto Hospital has provided detailed guidance on how to protect personal information from misuse. The hospital advises individuals to remain vigilant by regularly reviewing their account statements and explanation of benefits statements and by monitoring free credit reports for suspicious activity. If suspicious activity is detected, it should be promptly reported to the relevant insurance company, healthcare provider, or financial institution.
Loretto Hospital has published a comprehensive Notice of Data Security Incident on its official website, outlining additional steps individuals can take to protect themselves, such as placing fraud alerts or credit freezes on their credit files. For further questions or concerns, affected individuals can contact the hospital directly via email at cyber.incident@lorettohospital.org, or by mail addressed to: Loretto Hospital, Attn: Information Systems CIO, 645 South Central Avenue, Chicago, IL 60644.
For more information about Loretto Hospital and its services, visit the hospital's official website at lorettohospital.org.