North Mississippi Medical Center, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
North Mississippi Health Services (NMHS) experienced a data breach that was identified on July 3, 2023, after an employee opened a phishing email. The security operations committee of NMHS responded quickly, shutting down the system within 17 minutes to end the unauthorized access. During the brief period of access, the hacker was able to view the employee’s emails, which contained patient names, dates of birth, primary care physicians’ names, and diagnoses or conditions upon recent discharges from North Mississippi Medical Center-Tupelo, the flagship hospital of the health system. It was noted that no financial information, Social Security numbers, or electronic health records (EHRs) were accessed, and there has been no indication that the potentially breached data has been misused[4].
Additionally, Cadence Bank, which provides lockbox services to NMHS, reported a separate data security incident that could affect NMHS patients. This breach was due to a “zero-day” vulnerability in a file transfer application called MOVEit Transfer, which was exploited by an unauthorized third party between May 28-31, 2023. The personal information involved in this breach may have included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, medical and/or treatment information, and billing and claims information. Cadence Bank has offered complimentary identity protection services to those affected by this incident[7].
Citations:
- https://www.nmhs.net/policies-notices/notice-of-data-incidents/
- https://www.anylaw.com/case/north-mississippi-medical-center-inc-v-quartiz-technologies/n-d-mississippi/06-08-2023/P83u3owBqcoRgE-I2oyK
- https://www.umc.edu
- https://www.beckershospitalreview.com/cybersecurity/mississippi-health-system-shuts-down-cyberattack-in-17-minutes.html
- https://casetext.com/case/wood-v-n-miss-med-ctr
- https://www.humana.com
- https://www.djournal.com/news/business/cadence-announces-third-party-data-breach-that-could-affect-nmhs-patients/article_287eddf8-7847-11ee-9b0c-4b89a8908b11.html
- https://umc.edu/breach-notice
- https://topclassactions.com/lawsuit-settlements/privacy/data-breach/chinese-hackers-have-infiltrated-critical-u-s-systems-for-years-officials-say/
- https://casetext.com/case/young-v-north-mississippi-medical-ctr
- https://www.inquirer.com
- https://casetext.com/case/morgan-v-north-ms-medical-center
- https://www.tricare.mil
- https://law.justia.com/cases/mississippi/supreme-court/1995/91-ca-00920-sct-2.html
- https://www.washingtonpost.com
- https://caselaw.findlaw.com/ms-court-of-appeals/1056731.html
- https://www.deadiversion.usdoj.gov
- https://docs.justia.com/cases/federal/district-courts/mississippi/msndce/1:2023cv00003/47147/126/
- https://www.hrc.org