DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

IL: Morris Hospital discloses breach that Royal claimed responsibility for in May; notifies 248,943

Posted on August 18, 2023 by Dissent

Morris Hospital & Healthcare Centers (Morris Hospital) has issued a notification concerning a cybersecurity incident they discovered on April 4. The incident affects  current and former patients of Morris Hospital and current and former employees and their dependents or beneficiaries.

According to their explanation, their forensic investigation determined that “just prior to the incident,” data was exfiltrated to an external storage platform by an unauthorized individual or individuals. The exported files contained records with  the names, addresses, dates of birth, social security numbers, medical record numbers and account numbers, and diagnostic codes of current and former healthcare patients at Morris Hospital AND the names, addresses, social security numbers, and dates of birth of current and former employees and their dependents and beneficiaries.

If the export of data was “just prior to the incident,” then what was the actual incident? The notice doesn’t clearly state what the incident was, but for reasons   described below, it appears to have been a ransomware incident.

Morris Hospital reports that in response to the incident, it immediately reset passwords for all employee accounts and suspended mobile email access. In addition, they identified and removed malicious files, and enhanced their monitoring, logging, and detection capabilities.

The notice states that it does not have any information to suggest that any personal information has been used inappropriately or without authorization.  The website notice does not disclose that the Royal Ransomware group claimed responsibility for this breach on May 22 and added the hospital to its leak site. Since then, Royal has leaked more than 1 TB of data from the hospital.

Morris Hospital listing on Royal shows 100% of data leaked via three links from the posting.

Perhaps the only thing that is saving patients and employees from potentially more harm is the painfully slow downloads of the leaks from Royal’s server. DataBreaches has yet to obtain all of the data to analyze it to see what is in it, but if Morris Hospital knows that patient data and employee/beneficiary data has been leaked, shouldn’t they have told those being notified?  There’s no law that requires it be disclosed, but as a matter of transparency — and if one really cares about their patients and employees —  DataBreaches believes they are entitled to full disclosure and that  such disclosure should be mandatory, not discretionary or optional.

This incident does not yet appear on HHS’s public breach tool, so we do not know the total number reported to them yet, but the hospital did file a report with the Maine Attorney General’s Office that says a total of 248,943 people were affected.

 

Related posts:

  • Controversy over 2006 Ernst & Young breach continues
  • Granite School District breach worse than the district has revealed — former employee (1)
Category: Breach IncidentsHealth DataMalwareU.S.

Post navigation

← Insider-Wrongdoing in the Healthcare Sector
Police officer loses laptop and notebook as he drives along motorway after leaving them on roof of his car in fourth data breach by single police force →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Horizon Healthcare RCM discloses ransomware attack in December
  • Disgruntled IT Worker Jailed for Cyber Attack, Huddersfield
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Texas Centers for Infectious Disease Associates Notifies Individuals of Data Breach in 2024
  • Battlefords Union Hospitals notifies patients of employee snooping in their records
  • Alert: Scattered Spider has added North American airline and transportation organizations to their target list
  • Northern Light Health patients affected by security incident at Compumedics; 10 healthcare entities affected
  • Privacy commissioner reviewing reported Ontario Health atHome data breach
  • CMS warns Medicare providers of fraud scheme
  • Ex-student charged with wave of cyber attacks on Sydney uni

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Supreme Court Decision on Age Verification Tramples Free Speech and Undermines Privacy
  • New Jersey Issues Draft Privacy Regulations: The New
  • Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
  • Germany Wants Apple, Google to Remove DeepSeek From Their App Stores
  • Supreme Court upholds Texas law requiring age verification on porn sites
  • Justices nix Medicaid ‘right’ to choose doctor, defunding Planned Parenthood in South Carolina
  • European Commission publishes its plan to enable more effective law enforcement access to data

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.