About 900K patients are victims in Mississippi hospital data breach. What did hackers take?

Blake Kaplan
·2 min read

Singing River Hospital System said this week close to 900,000 patients had their personal information disclosed to hackers as the result of a 2023 ransomware attack, a number much larger than previously reported.

The Pascagoula-based business earlier said it thought the breach involved only about 250,000 patients.

The new information came to light in a filing Singing River made in the state of Maine.

Several medical and tech trade publications reviewed that paperwork and published stories this week.

According to Comparitech, a publication reporting cybersecurity news, Singing River “more than tripled the victim count from an August 2023 data breach. The Mississippi healthcare provider has sent breach notifications to a total of 895,204 individuals, up from the previous number of 252,980.”

Names, Social Security numbers, dates of birth, addresses, medical information, and health information are among the compromised data, several of the publications reported. Singing River says it “is unaware of any misuse of individual information” and is contacting patients “out of an abundance of caution.”

On its website, the hospital calls the attack “malicious and sophisticated.”

“Ransomware group Rhysida claimed responsibility for the attack. SRHS concluded its investigation on December 18, 2023, and sent out the first round of breach notifications on January 12, 2024,” Comparitech reported.

According to JD Supra, a business website, “upon learning about the cyberattack, SRHS secured its systems and then began working with third-party forensic experts to conduct an investigation. Through this investigation, SRHS confirmed that an unauthorized party was able to access portions of the company’s computer network between August 16, 2023 and August 18, 2023. It was also determined that the unauthorized party was able to access certain files containing confidential patient information.

“After learning that sensitive consumer data was accessible to an unauthorized party, Singing River Health System reviewed the compromised files to determine what information was leaked and which consumers were impacted.”

Singing River operates three hospitals on the Mississippi Gulf Coast and a host of other medical-related businesses.

In a statement to the Sun Herald, Singing River said it has provided information to applicable state and federal regulators, and this week,“ continued to mail letters to individuals identified through its review. Singing River remains committed to patient care and is reviewing our policies and procedures to reduce the likelihood of a similar occurrence.”