Morris Hospital & Healthcare Centers in Illinois has initiated the notification process for 248,943 individuals concerning a cyber incident discovered on April 4, 2023. Upon discovering the breach, the company hired external cybersecurity experts to probe and assess its extent and nature. These experts found that unauthorized entities had illicitly obtained protected health information by extracting files from the facility’s systems.
The compromised data encompassed confidential health details belonging to both current and former patients, as well as employees, their dependents, and beneficiaries. This information spanned across various categories, including names, addresses, dates of birth, Social Security numbers, medical record numbers, account identifiers, and codes linked to diagnoses and treatments. Even though there have been no instances of observed misuse of the pilfered data, the affected individuals have received advice to remain vigilant. Moreover, they have been provided with complimentary access to identity theft resolution services.
In the correspondence to affected parties, Morris Hospital & Healthcare Centers refrained from disclosing the identities of the perpetrators and abstained from elaborating on the specific nature of the attack. Yet, reports indicate that the Royal Ransomware group claimed responsibility for the breach. Allegedly, on May 22, 2023, this group included Morris Hospital in its hidden dark web collection, unveiling certain compromised data from the breach.
A Backup Drive Containing Jefferson Health’s DEXA Scan Data has been Either Lost or Stolen
Jefferson Health has initiated the process of informing patients associated with Cherry Hill Hospital in New Jersey regarding the potential compromise of certain protected health information. This information was stored on a backup drive connected to the DEXA scan device. During routine maintenance conducted by the vendor, it came to light that the backup drive was absent. A thorough investigation ensued, but a conclusive determination about the fate of the drive couldn’t be reached, leading to the presumption of its loss or theft.
Within the missing backup drive were details including names, dates of birth, medical record numbers, study dates, and, for specific individuals, mailing addresses. The device additionally contained further data; however, access to it necessitated valid credentials, along with the appropriate software and technology. This additional information encompassed diagnoses, contact numbers, Social Security numbers, insurance particulars, driver’s license numbers, and scan records. Jefferson Health has shared that they are presently assessing and reinforcing their security procedures to avert similar occurrences in the future.
As of now, the incident has not appeared on the HHS’ Office for Civil Rights breach portal, thus the precise number of affected individuals remains unclear.
Pathways to Wellness Medication Clinics Announces the Occurrence of a Ransomware Attack
Pathways to Wellness Medication Clinics in Oakland, Union City, and Pleasanton, California, have officially notified patients about the potential compromise of their protected health information due to a detected cyberattack on March 28, 2023.In this incident, an unauthorized individual managed to gain access to the network and subsequently disable it. In response, the organization enlisted external cybersecurity specialists to perform a thorough investigation of the breach, resulting in the strengthening of system security measures. Additionally, they assessed and are currently updating technical safeguards to bolster the safeguarding of patient data.
Although no instances of patient data misuse were reported until July 5, 2023, it remains plausible that data theft transpired. The exposed data encompassed various details such as first and last names, addresses, health insurance particulars, provider names, Social Security numbers, dates of birth, and genders. To aid the impacted individuals, they have been offered free credit monitoring services from a single bureau.
Currently, the Office for Civil Rights breach portal has not added the incident, making the precise number of affected individuals unclear.