North Mississippi Medical Center, Inc.

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

North Mississippi Health Services (NMHS) experienced a data breach that was identified on July 3, 2023, after an employee opened a phishing email. The security operations committee of NMHS responded quickly, shutting down the system within 17 minutes to end the unauthorized access. During the brief period of access, the hacker was able to view the employee’s emails, which contained patient names, dates of birth, primary care physicians’ names, and diagnoses or conditions upon recent discharges from North Mississippi Medical Center-Tupelo, the flagship hospital of the health system. It was noted that no financial information, Social Security numbers, or electronic health records (EHRs) were accessed, and there has been no indication that the potentially breached data has been misused[4].

Additionally, Cadence Bank, which provides lockbox services to NMHS, reported a separate data security incident that could affect NMHS patients. This breach was due to a “zero-day” vulnerability in a file transfer application called MOVEit Transfer, which was exploited by an unauthorized third party between May 28-31, 2023. The personal information involved in this breach may have included names, addresses, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, medical and/or treatment information, and billing and claims information. Cadence Bank has offered complimentary identity protection services to those affected by this incident[7].

Citations:

  1. https://www.nmhs.net/policies-notices/notice-of-data-incidents/
  2. https://www.anylaw.com/case/north-mississippi-medical-center-inc-v-quartiz-technologies/n-d-mississippi/06-08-2023/P83u3owBqcoRgE-I2oyK
  3. https://www.umc.edu
  4. https://www.beckershospitalreview.com/cybersecurity/mississippi-health-system-shuts-down-cyberattack-in-17-minutes.html
  5. https://casetext.com/case/wood-v-n-miss-med-ctr
  6. https://www.humana.com
  7. https://www.djournal.com/news/business/cadence-announces-third-party-data-breach-that-could-affect-nmhs-patients/article_287eddf8-7847-11ee-9b0c-4b89a8908b11.html
  8. https://umc.edu/breach-notice
  9. https://topclassactions.com/lawsuit-settlements/privacy/data-breach/chinese-hackers-have-infiltrated-critical-u-s-systems-for-years-officials-say/
  10. https://casetext.com/case/young-v-north-mississippi-medical-ctr
  11. https://www.inquirer.com
  12. https://casetext.com/case/morgan-v-north-ms-medical-center
  13. https://www.tricare.mil
  14. https://law.justia.com/cases/mississippi/supreme-court/1995/91-ca-00920-sct-2.html
  15. https://www.washingtonpost.com
  16. https://caselaw.findlaw.com/ms-court-of-appeals/1056731.html
  17. https://www.deadiversion.usdoj.gov
  18. https://docs.justia.com/cases/federal/district-courts/mississippi/msndce/1:2023cv00003/47147/126/
  19. https://www.hrc.org
Breach Submission Date Sep 01, 2023
Converted Entity Name North Mississippi Medical Center, Inc.
Converted Entity Type Healthcare Provider
State MS
Individuals Affected 950
Breach Type Hacking/IT Incident

Breach Information Location Email

Business Associate Present Yes