TRACT Radiology

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

The breach at TRACT Radiology in Mississippi refers to a cyberattack on the Singing River Health System, which operates several hospitals in Mississippi, including Pascagoula Hospital, Ocean Springs Hospital, and Gulfport Hospital. Detected unusual activity within its IT systems prompted an investigation into a potential cyberattack. In response, the health system took its IT systems offline to preserve system integrity, and downtime procedures were implemented. The cyberattack led to the halting of radiology services at its clinics, although services continued at its hospitals[4].

The health system reported the breach to the HHS’ Office for Civil Rights as affecting at least 501 individuals. On September 13, 2023, it was confirmed that the threat actor behind the attack had exfiltrated limited data from its systems. By October 18, 2023, the health system was still investigating the extent to which patient information was affected and the total number of individuals impacted. On December 18, 2023, Singing River Health System confirmed that 252,890 patients had their data compromised in the incident. Affected individuals were notified by mail and offered complimentary credit monitoring and identity theft protection services[4].

This incident is part of a larger trend of healthcare organizations being targeted by cyberattacks, as evidenced by the mass exploitation of a zero-day vulnerability in the MOVEit software, which affected multiple healthcare organizations. The vulnerability was identified and patched on May 31, 2023, but not before data had been exfiltrated by the Clop threat actors. The breach at Singing River Health System is a stark reminder of the cybersecurity challenges facing the healthcare industry and the importance of robust IT security measures to protect sensitive patient information[4].

Citations:

  1. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8088789/
  2. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8789645/
  3. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6463157/
  4. https://www.hipaajournal.com/mississippi-health-system-investigating-cyberattack/
  5. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4407189/
  6. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4234130/
  7. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  8. https://www.wjgnet.com/1949-8470/full/v2/i10/377.htm
  9. https://www.bmj.com/company/newsroom/ai-fails-to-pass-radiology-qualifying-examination/
  10. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5645703/
  11. https://www.reliasmedia.com/articles/21632-family-members-awarded-16-7-million-after-radiologist-missed-evidence-of-lung-cancer
  12. https://pubs.rsna.org/doi/full/10.1148/rg.2019190016
  13. https://www.sciencedirect.com/science/article/pii/S221315822200376X
  14. https://link.springer.com/article/10.1007/s00247-021-05000-3
  15. https://pubs.rsna.org/doi/full/10.1148/rg.2016150132
  16. https://www.sciencedirect.com/science/article/pii/S2213158222000377
  17. https://academic.oup.com/brain/article/138/5/1223/407010
  18. https://link.springer.com/referenceworkentry/10.1007/978-3-319-68536-6_70
Breach Submission Date Aug 14, 2023
Converted Entity Name TRACT Radiology
Converted Entity Type Business Associate
State MS
Individuals Affected 7,810
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes