TRACT Radiology
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
The breach at TRACT Radiology in Mississippi refers to a cyberattack on the Singing River Health System, which operates several hospitals in Mississippi, including Pascagoula Hospital, Ocean Springs Hospital, and Gulfport Hospital. Detected unusual activity within its IT systems prompted an investigation into a potential cyberattack. In response, the health system took its IT systems offline to preserve system integrity, and downtime procedures were implemented. The cyberattack led to the halting of radiology services at its clinics, although services continued at its hospitals[4].
The health system reported the breach to the HHS’ Office for Civil Rights as affecting at least 501 individuals. On September 13, 2023, it was confirmed that the threat actor behind the attack had exfiltrated limited data from its systems. By October 18, 2023, the health system was still investigating the extent to which patient information was affected and the total number of individuals impacted. On December 18, 2023, Singing River Health System confirmed that 252,890 patients had their data compromised in the incident. Affected individuals were notified by mail and offered complimentary credit monitoring and identity theft protection services[4].
This incident is part of a larger trend of healthcare organizations being targeted by cyberattacks, as evidenced by the mass exploitation of a zero-day vulnerability in the MOVEit software, which affected multiple healthcare organizations. The vulnerability was identified and patched on May 31, 2023, but not before data had been exfiltrated by the Clop threat actors. The breach at Singing River Health System is a stark reminder of the cybersecurity challenges facing the healthcare industry and the importance of robust IT security measures to protect sensitive patient information[4].
Citations:
- https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8088789/
- https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8789645/
- https://www.ncbi.nlm.nih.gov/pmc/articles/PMC6463157/
- https://www.hipaajournal.com/mississippi-health-system-investigating-cyberattack/
- https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4407189/
- https://www.ncbi.nlm.nih.gov/pmc/articles/PMC4234130/
- https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
- https://www.wjgnet.com/1949-8470/full/v2/i10/377.htm
- https://www.bmj.com/company/newsroom/ai-fails-to-pass-radiology-qualifying-examination/
- https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5645703/
- https://www.reliasmedia.com/articles/21632-family-members-awarded-16-7-million-after-radiologist-missed-evidence-of-lung-cancer
- https://pubs.rsna.org/doi/full/10.1148/rg.2019190016
- https://www.sciencedirect.com/science/article/pii/S221315822200376X
- https://link.springer.com/article/10.1007/s00247-021-05000-3
- https://pubs.rsna.org/doi/full/10.1148/rg.2016150132
- https://www.sciencedirect.com/science/article/pii/S2213158222000377
- https://academic.oup.com/brain/article/138/5/1223/407010
- https://link.springer.com/referenceworkentry/10.1007/978-3-319-68536-6_70