Morris Hospital & Healthcare Centers

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Morris Hospital & Healthcare Centers in Illinois experienced a significant cybersecurity incident that was first discovered on April 4, 2023. The breach affected the personal information of approximately 248,943 individuals, including current and former patients, as well as current and former employees and their dependents or beneficiaries[2][10].

The compromised data included sensitive information such as names, addresses, dates of birth, Social Security numbers, medical record numbers, account numbers, and diagnostic codes[1][2]. The hospital took immediate steps to contain the breach by resetting passwords for all employee accounts, suspending mobile email access, and removing malicious files. They also enhanced their monitoring, logging, and detection capabilities[1].

An investigation, assisted by global cybersecurity professionals, revealed that data had been exported to an external cloud storage platform by an unauthorized party[1][6]. The hospital’s electronic medical record systems, however, were not compromised, and patient care or hospital operations were not impacted[4][5].

Morris Hospital has since mailed notices to individuals whose personal information may have been involved and arranged for identity theft resolution services provided by Experian’s® IdentityWorksSM at no charge for those affected[1][6]. They have encouraged individuals to be vigilant and monitor their personal accounts for unauthorized activity[1].

The Royal Ransomware group claimed responsibility for the breach and added the hospital to its leak site, posting samples of the stolen information[2][7][9][12]. Despite the breach, there has been no evidence to suggest that the personal information has been misused or used without authorization[6].

Morris Hospital & Healthcare Centers has expressed regret for any concerns or inconvenience caused by the incident and has provided a toll-free number for those with questions regarding the breach[1].

Citations:

  1. https://www.morrishospital.org/notice-of-privacy-incident/
  2. https://www.beckershospitalreview.com/cybersecurity/illinois-hospital-data-breach-affects-248-000-patients.html
  3. https://cybernews.com/news/morris-hospital-medical-data-exposed/
  4. https://www.morrishospital.org/press-release/morris-hospital-reports-cybersecurity-incident/
  5. https://healthitsecurity.com/news/il-hospital-suffers-cybersecurity-incident
  6. https://www.healthcarefinancenews.com/news/morris-hospital-informs-248000-patients-data-breach
  7. https://thecyberexpress.com/royal-ransomware-morris-hospital-cyber-attack/amp/
  8. https://www.morrishospital.org/press-release/morris-hospital-issues-notice-of-cybersecurity-incident/
  9. https://izoologic.com/region/us/royal-ransomware-breached-an-illinois-based-hospital/
  10. https://www.hipaajournal.com/morris-hospital-healthcare-centers-249000-cyberattack/
  11. https://www.beckershospitalreview.com/cybersecurity/illinois-hospital-investigating-unauthorized-network-breach
  12. https://www.beckershospitalreview.com/cybersecurity/ransomware-gang-claims-it-hit-illinois-hospital.html
  13. https://s3.amazonaws.com/jnswire/jns-media/b2/ce/13522310/2023CH07842.pdf
  14. https://therecord.media/illinois-hospital-notifies-patients-employees-of-cyber-incident
  15. https://www.hipaaguidelines101.com/cyberattacks-reported-by-esset-researchers-morris-hospital-healthcare-centers-wellness-medication-clinics-and-centromed/
  16. https://www.jdsupra.com/legalnews/morris-hospital-healthcare-centers-8127182/
Breach Submission Date Aug 17, 2023
Converted Entity Name Morris Hospital & Healthcare Centers
Converted Entity Type Healthcare Provider
State IL
Individuals Affected 248,943
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes