Illinois Hospital Discloses Data Breach Affecting 250,000 Individuals
Morris Hospital & Healthcare Centers, located 60 miles southwest of Chicago, has revealed that a data breach in early April potentially exposed the personal information of about 250,000 people. The hospital stated that it became aware of the incident on April 4 and took immediate action in response. On Thursday, the organization announced that it had sent notices to individuals whose personal information may have been compromised.
In a separate filing on Maine’s data breach notification site, Morris Hospital reported that a total of 248,943 people were potentially affected by the breach. This number includes current and former healthcare patients, as well as current and former employees and their dependents and beneficiaries.
Reports in late May indicated that the Royal ransomware gang had posted data from Morris Hospital on its leak site. At that time, the hospital was still investigating the incident.
Although Thursday’s announcement did not attribute the breach to a specific attacker, it did mention that unauthorized exports of data to an external cloud storage platform had occurred. No ransom demand was mentioned.
The potentially exposed data includes names, addresses, dates of birth, social security numbers, medical record numbers, account numbers, and diagnostic codes of current and former healthcare patients. Additionally, the names, addresses, social security numbers, and dates of birth of current and former employees and their dependents and beneficiaries were also potentially compromised.
Following the discovery of the breach, Morris Hospital took immediate action. The hospital reset passwords for all employee accounts and suspended mobile email access. It also identified and removed any malicious files and enhanced its monitoring, logging, and detection capabilities. The organization has hired global security professionals to assist with the investigation and recovery efforts.
The Royal ransomware gang has a history of targeting the healthcare sector. In December, the U.S. Department of Health and Human Services issued a warning about the group, and in March, the Cybersecurity and Infrastructure Security Agency issued a broader alert about Royal’s targeting of critical infrastructure.
In recent months, the Royal group has purportedly targeted the city of Dallas, a St. Louis suburb, an Iowa public broadcasting station, and a Tampa Bay zoo.
Joe Warminsky, the news editor for Recorded Future News, contributed to this article. With over 25 years of experience as an editor and writer, Warminsky has a strong background in cybersecurity news and analysis. He previously worked at CyberScoop and WAMU 88.5, the Washington, D.C. NPR affiliate.
[Image Source: The Record Media]
