• 5
  • Hospitals
  • 5
  • MS
  • 5
  • Singing River Health System and its wholly owned subsidiary, Singing River Gulfport

Singing River Health System and its wholly owned subsidiary, Singing River Gulfport

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Singing River Health System, a healthcare system headquartered in Pascagoula, Mississippi, and its wholly owned subsidiary, Singing River Gulfport, experienced a significant data breach due to a ransomware attack between August 16 and August 18, 2023. This cyberattack led to unauthorized access to the organization’s computer network, compromising the sensitive personal information of approximately 253,000 patients. The exposed data included names, dates of birth, addresses, Social Security numbers, medical information, and health insurance information[1][5].

Upon discovering the cyberattack on August 19, 2023, Singing River Health System took immediate action by securing its systems and initiating an investigation with the assistance of third-party data security specialists. The investigation confirmed unauthorized access to files containing confidential patient information[1]. In response to the breach, Singing River Health System filed a notice of data breach with the Attorney General of Maine and began sending out data breach notification letters to affected individuals on January 12, 2024[1].

The breach has led to legal actions against Singing River Health System. At least two lawsuits have been filed, accusing the health system of negligently handling private information and failing to adequately protect the data from hackers. These lawsuits aim to represent more than 200,000 individuals whose information was compromised. Plaintiffs are demanding that Singing River Health System strengthen its cybersecurity measures and provide compensation for damages and credit monitoring services[7].

Singing River Health System is a significant healthcare provider in Mississippi, operating three hospitals (Pascagoula Hospital, Ocean Springs Hospital, and Gulfport Hospital) and numerous primary care and specialty medical clinics. The health system employs more than 2,200 people and generates approximately $367 million in annual revenue[1].

In the aftermath of the cyberattack, Singing River Health System has been working to restore its computer systems and continue providing patient care, despite some service disruptions. The health system has also taken steps to enhance its cybersecurity measures to prevent future incidents[2][3].

Affected individuals have been offered complimentary credit monitoring and identity theft protection services. Additionally, legal investigations are underway to determine the possibility of filing a class action lawsuit, which could provide affected consumers with compensation for any harm resulting from the breach[4].

Citations:

  1. https://www.jdsupra.com/legalnews/singing-river-health-system-notifies-6934904/
  2. https://www.chiefhealthcareexecutive.com/view/mississippi-hospital-system-hit-by-cyberattack
  3. https://singingriverhealthsystem.com/2023/08/singing-river-operations-update/
  4. https://www.classaction.org/data-breach-lawsuits/singing-river-health-system-january-2024
  5. https://www.hipaajournal.com/singing-river-health-system-ransomware/
  6. https://www.myinjuryattorney.com/singing-river-health-data-breach-investigation/
  7. https://www.wlox.com/2024/02/02/lawsuits-filed-against-singing-river-health-system-2023-cyberattack/
  8. https://www.jdsupra.com/legalnews/singing-river-health-system-confirms-7666068/
  9. https://www.wlox.com/2023/08/31/singing-river-health-system-still-recovering-recent-cyberattack/
  10. https://www.beckershospitalreview.com/cybersecurity/mississippi-hospital-boosts-data-breach-reach-to-253-000-patients.html
  11. https://www.sunherald.com/news/local/counties/harrison-county/article284955402.html
Breach Submission Date Oct 18, 2023
Converted Entity Name Singing River Health System and its wholly owned subsidiary, Singing River Gulfport
Converted Entity Type Healthcare Provider
State MS
Individuals Affected 501
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes