Morris Hospital investigating attack by Royal ransomware group

On May 22, the Royal ransomware group added Morris Hospital to their leak site with a small sample of files as proof of claims. On May 23, the hospital posted a statement on its site, prominently linked from its homepage: Morris Hospital & Healthcare Centers is actively investigating a cybersecurity incident with the assistance of independent cybersecurity forensic experts. The incident has not impacted patient care or hospital operations. The investigation was launched after the hospital detected unusual activity on its computer network that indicated an unauthorized third party had gained access to the network system. The network system is separate from the electronic medical record systems that are used for patient care. The hospital’s electronic medical record systems were not compromised. After taking immediate action to contain the incident, Morris Hospital began an extensive investigation with assistance from outside experts. At this time, the investigation remains active and involves a review of each individual file on the affected servers to determine whether any sensitive data was compromised, a process called e-discovery. Hospital officials emphasize that the numerous IT security measures that were already in place at Morris Hospital were instrumental in preventing a more severe incident. Updates will be provided as more information becomes available. Morris’s statement does not indicate whether any files were locked/encrypted and whether they received an extortion/ransom demand. Nor do they indicate whether they would pay any ransom demand if they receive(d) one. This is a developing situation and story.