Morris Hospital starts mailing patients about data breach

Morris Hospital and Healthcare Centers in Morris, Illinois, is in the process of mailing notices to current and former patients and employees to inform them that a recent cybersecurity incident may have involved their personal information.

On April 4, Morris Hospital discovered it had experienced a cybersecurity incident, upon which time it “immediately” took steps to contain the incident, according to the hospital. It then retained global cybersecurity professionals to conduct an extensive investigation and assist with recovery efforts.

Morris Hospital and Healthcare Centers is an 89-bed independent community hospital located 55 miles southwest of Chicago.

What’s the impact?
Based on the investigation, forensic evidence indicated that an unauthorized party exported data from the hospital’s network system to an external cloud storage platform. The network system is separate from the electronic medical record systems that are used for patient care.

After several weeks of investigation, it was determined that the exports contained files with information about current and former patients of the hospital, as well as current and former employees and their dependents or beneficiaries, including names, addresses, dates of birth, social security numbers, medical record and account numbers, and diagnostic codes.

Morris Hospital said that to date there’s no evidence that personal information has been used inappropriately or without authorization. Still, the hospital has arranged for identity theft resolution services to be available to potentially affected patients at no charge. These individuals must enroll to take advantage of the service.

The notices that are being mailed contain instructions on how to activate the complimentary identity monitoring services. A notice is also posted on the hospital’s website.

The hospital encouraged patients to be vigilant about the security of their personal accounts and monitor them for unauthorized activity, reporting any suspicious activity to law enforcement.

The hospital could not be immediately reached for comment.

The larger trend
Data published by the Ponemon Institute in July showed that, while data breaches affect all industries, healthcare suffers the largest financial hit.

This year, the average cost of a data breach reached an all-time high of $4.4 million. That’s a 2.3% increase from 2022, and, taking the long-term view, the average cost has increased 15.3% from the 2020 report.

Since 2020, healthcare data breach costs specifically have increased 53.3%, representing a considerable rise in recent years. This is the 13th consecutive year the health industry reported it had the most expensive data breaches, averaging $10.9 million in cost. Healthcare Finance