Morris Hospital & Healthcare Centers is in the process of mailing notices to current and former patients and employees to inform them that a recent cybersecurity incident may have involved their personal information.
On April 4, 2023, Morris Hospital discovered it had experienced a cybersecurity incident and immediately took steps to contain the incident. The hospital then retained global cybersecurity professionals to conduct an extensive investigation and assist with recovery efforts.
Based on the investigation, forensic evidence indicated that an unauthorized party exported data from the hospital’s network system to an external cloud storage platform. The network system is separate from the electronic medical record systems that are used for patient care.
After several weeks of investigation, it was determined that the exports contained files with information about current and former patients of Morris Hospital, as well as current and former employees and their dependents or beneficiaries, including names, addresses, dates of birth, social security numbers, medical record and account numbers, and diagnostic codes, which are numeric codes used to identify diagnoses and treatments.
While Morris Hospital does not have any information to suggest that any personal information has been used inappropriately or without authorization, the hospital has arranged for identity theft resolution services to be available to potentially affected individuals at no charge. These individuals must enroll to take advantage of this free service, and Morris Hospital encourages them to do so.
As always, Morris Hospital encourages individuals to be vigilant about the security of their personal accounts and monitor them for unauthorized activity, reporting any suspicious activity to law enforcement.