Massive Data Breach at Singing River Health System: Nearly 900,000 Affected

A major healthcare provider in Mississippi, Singing River, recently disclosed that a cyberattack in August 2023 affected the data of 895,204 individuals. The medical network comprises hospitals in Pascagoula, Ocean Springs, and Gulfport, as well as other medical facilities in the region.

On August 19, 2023, the company announced that it had fallen victim to a sophisticated ransomware attack, resulting in hospital disruptions and potential data theft. By the end of August, the organization was listed on the breach portal of the U.S. Department of Health and Human Services Office for Civil Rights with a provisional number of 501 affected individuals.

On September 13, 2023, it was confirmed that data had been stolen, and by December 18 of the same year, it was reported that the breach had impacted 252,890 people. The latest update, provided to Maine state authorities a few days ago, increased the number of affected individuals to 895,204.

According to the Maine notification and the latest information on the Singing River website, the leaked data includes the following patient information:

• Full name
• Date of birth
• Home address
• Social Security Number (SSN)
• Medical information
• Health information

Singing River states that there is currently no evidence of the stolen data being used for identity theft or fraud. All affected individuals have been offered 24 months of free credit report monitoring and digital identity restoration services.

The ransomware group Rhysida, known for targeting healthcare institutions, including children’s hospitals, claimed responsibility for the attack. The perpetrators have released approximately 80% of the stolen data, totaling 420,766 files with a combined size of 754 GB.

Affected individuals are advised to promptly utilize the offered protective services, exercise caution when receiving unsolicited communications, and closely monitor activity across all their accounts.