Notice of Cybersecurity Incident

Morris Hospital & Healthcare Centers (Morris Hospital) is providing information about a recent cybersecurity incident that may have involved personal information of current and former patients of Morris Hospital and current and former employees and their dependents or beneficiaries. This notice provides information about the nature of the incident and affected data and the immediate and additional corrective measures Morris Hospital has taken to guard against future unauthorized disclosure or misuse of personal data.

What Happened?
On April 4, 2023, Morris Hospital discovered it had experienced a security incident. Morris Hospital immediately took steps to contain the incident and retained global cybersecurity professionals to conduct an extensive investigation of the incident. Based on that investigation, forensic evidence indicated that, just prior to the incident, there were exports of data to an external cloud storage platform by an unauthorized party. The investigation found that these exports contained files with information about current and former patients of Morris Hospital and current and former employees and their dependents or beneficiaries.

What Information Was Involved?
The potentially exposed records included the names, addresses, dates of birth, social security numbers, medical record numbers and account numbers, and diagnostic codes (numeric codes used to identify diagnoses and treatments) of current and former healthcare patients at Morris Hospital, and the names, addresses, social security numbers, and dates of birth of current and former employees and their dependents and beneficiaries.

What Morris Hospital Is Doing
Upon discovering the incident, Morris Hospital immediately reset passwords for all employee accounts and suspended mobile email access. In addition, Morris Hospital identified and removed malicious files and enhanced its monitoring, logging, and detection capabilities.

Additional steps involved retaining global security professionals to conduct an independent investigation and assist with the recovery efforts. After several weeks of investigation, the global security professionals were able to produce a listing of affected directories, which were subsequently used to harvest and review restored files for potentially affected personal information.

While Morris Hospital does not have any information to suggest that any personal information has been used inappropriately or without authorization, on August 17, 2023, Morris Hospital mailed notices to individuals whose personal information may have been involved. The notice states that Morris Hospital has arranged to make available to individuals who receive the notice identity theft resolution services provided by Experian’s® IdentityWorks℠ at no charge. The notice includes instructions on how to activate the complimentary identity monitoring services.

What Affected Individuals Can Do
Morris Hospital encourages current and former patients and current and former employees and their dependents and beneficiaries to watch their mail for the possibility of receiving a notice from Morris Hospital & Healthcare Centers and to carefully review the information and instructions in the notice.

As always, please continue to be vigilant about the security of your personal accounts and monitor them for unauthorized activity. Please report any suspicious activity to appropriate law enforcement. 

For More Information
Morris Hospital takes the security of personal information seriously and regrets any concerns or inconvenience this incident may have caused. If you have questions, please contact Morris Hospital toll-free at 833-734-9797.