The Mississippi healthcare provider recently revealed that nearly 900,000 individual’s records were stolen.
What happened
Back in August 2023, Singing River Health System, a massive health services provider in Mississippi, faced a large data breach.
The health system is one of the largest employees on the Mississippi Gulf Coast and serves more than 100,000 patients every year. Each year, they are estimated to have an economic impact of over $270 million.
While Singing River has a great reputation, the organization experienced a data breach in 2023. According to a posted notice, an actor gained access to its network environment between August 16th and August 18th. On August 19th, the malicious actor also deployed ransomware.
Going deeper
According to the breach notification filed with the Attorney General of Maine, the breach was discovered nearly three months later on December 18th, 2023. The hacking incident was triggered by an employee’s information being breached.
In January, Singing River announced the initial numbers of those impacted. At the time, the organization believed 252,890 individuals had their data impacted and sent breach notification letters to those individuals. The organization faced some backlash when it was discovered they had sent some letters with incorrect names.
More recently, it’s been revealed that significantly more individuals were impacted. On May 13th, Singing River Health System updated the number to 895,204 individuals.
The organization began to send updated breach notification letters as soon as the investigation was completed.
Impacted information ultimately included: names, dates of birth, addresses, Social Security numbers, medical information, and health information.
What was said
In their online notice, Singing River said that when the organization discovered the incident they “promptly took steps to secure its systems and, with the assistance of third-party forensic specialists, conducted an investigation to confirm the nature and scope of the incident.”
Singing River says they currently have “no indication of any misuse of your personal information as a result of this event,” but are providing notice “out of an abudnance of caution.”
The big picture
Since the incident, Singing River has been hit with at least two lawsuits. Both followed the initial breach notices and alleged that the healthcare organization mishandled private information, and their alleged negligence resulted in the attack.
Now that more individuals have been impacted, it’s possible that new lawsuits could emerge or that the existing ones may have new class action members.
Cases like these are increasingly common as the public becomes more aware of their privacy and data rights under HIPAA. Breaches alone can be devastating, requiring organizations to reconsider their data policies and security systems. Added lawsuits can make the situation more stressful and financially challenging. Some hospitals have even gone bankrupt after HIPAA violations or data breaches.
Read more: HIPAA Compliant Email: The Definitive Guide
Abby Grifno
