An Illinois hospital, Morris Hospital & Healthcare Centers, located southwest of Chicago, has revealed a data breach that potentially exposed the personal information of about 250,000 individuals.
The breach was detected in early April, prompting immediate actions from the hospital to respond to the incident. While the hospital did not attribute the breach to a specific attacker, it mentioned that unauthorized data exports to an external cloud storage platform had occurred.
The compromised data includes a range of personal details such as names, addresses, social security numbers, medical record numbers, and more, affecting both patients and employees.
The breach was discovered on April 4, and the hospital quickly initiated measures to address the situation. Notices were mailed to individuals whose personal information might have been compromised.
Although the incident was still under investigation as of late May, it was reported that data from the hospital had been posted on a leak site by the Royal ransomware gang. Despite the exposure, there was no mention of a ransom demand in the hospital’s announcement.
The hospital has since reset employee passwords, suspended mobile email access, and taken steps to enhance its monitoring and detection capabilities.
Morris Hospital & Healthcare Centers engaged global security professionals to investigate the breach and aid in recovery efforts. These experts managed to identify affected directories and review restored files for potential compromised personal information. While the hospital has not reported any unauthorized access or misuse of the data, it remains committed to transparency and ensuring the protection of affected individuals’ information.
