Rhysida ransomware attacked Lurie Children’s Hospital of Chicago (pediatric hospital) Jan 26-31 2024. Patient-facing systems offline for ~3.5 months. 791,784 individuals notified of PHI exposure including names, DOBs, SSNs, medical records, prescriptions, health plan data. $3.4M ransom demanded; hospital refused to pay. Rhysida claimed to have sold data. Class action lawsuits filed. Rhysida also attacked British Library (Oct 2023, 600GB stolen, ~$7.5-8.7M recovery cost) and Prospect Medical Holdings.