singing river data breach notification

The Singing River health System and its wholly-owned subsidiary Singing River Gulfport yesterday more than tripled the victim count from an August 2023 data breach. The Mississippi healthcare provider has sent breach notifications to a total of 895,204 individuals, up from the previous number of 252,980.

The notification states that names, Social Security numbers, dates of birth, addresses, medical information, and health information are among the compromised data.

Ransomware group Rhysida claimed responsibility for the attack. SRHS concluded its investigation on December 18, 2023 and sent out the first round of breach notifications on January 12, 2024.

Comparitech contacted SRHS for comment and will update this article if it responds. We don’t yet know why the people notified today weren’t included in the original notification, how attackers breached SRHS’ network, how much the ransom was, or whether SRHS paid the ransom.

Comparitech recommends victims take steps to protect their identity, finances, and health benefits from fraud. Monitor your accounts and credit report for suspicious activity. Take advantage of the free credit monitoring offered by SRHS via IDX.

Who is Rhysida?

Rhysida is a ransomware group that first emerged in May 2023. It often extorts victims twice: once for a decryption key to restore attacked systems, and again in exchange for not selling or publishing stolen data. Its initial attack vectors include phishing and exploiting software vulnerabilities.

Comparitech has logged 45 confirmed attacks by Rhysida since it first surfaced, including five in 2024. Other recent victims include the Hernando County, FL government, Ann & Robert H Lurie Children’s Hospital of Chicago, and boat dealer MarineMax.

Ransomware attacks on US healthcare

This attack on SRHS joins 23 other confirmed ransomware attacks on US healthcare organizations so far in 2024. In 2023, we recorded 126 such attacks that affected 17,683,124 records and counting. A ransomware attack on a healthcare company led to an average downtime of 18.7 days.

Ransomware attacks on US healthcare organizations can cripple key systems and endanger the privacy and security of patients. Hospitals and clinics may have to resort to pen and paper, cancel certain appointments, and divert patients elsewhere until systems are restored.

About Singing River Health System

The Singing River Health System is a group of three hospitals, four pharmacies, two hospice services, and dozens of other clinics and specialty centers in the Mississippi Gulf Coast area. It includes the Ocean Springs Hospital, Pascagoula Hospital, and Singing River Gulfport.

According to its website, SRHS is the second-largest employer in Jackson County with more than 3,5000 employees, and it cares fore more than 100,000 patients per year.

SRHS was also impacted by the ransomware attack on Change Healthcare, which forced SRHS to change payment processors.