Pierluigi Paganini May 15, 2024

The Singing River Health System revealed that the ransomware attack that hit the organization in August 2023 impacted 895,204 people.

At the end of August 2023, the systems at three hospitals and other medical facilities operated by Singing River Health System (SRHS) were hit by a Rhysida ransomware attack.

The Singing River Health System runs 3 hospitals and 10 clinics and is the second largest employer on the Mississippi Gulf Coast.

“The Singing River Health System’s three hospitals – Pascagoula Hospital, Ocean Springs Hospital, and Gulfport Hospital, as well as its dozen-plus medical clinics – are affected by the incident, which began over the weekend. The health system employs about 3,800 people.” reported BankInfoSecurity.

Several services at the impacted hospitals, including laboratory and radiology testing, suffered a significant IT systems outage. At the time, Singing River said it was working to process all paper-ordered lab tests and radiology exams as quickly as possible, based on priority.

On September 13, 2023, the healthcare organization disclosed a data breach and in December 2023, it announced that the incident impacted 252,890 individuals.

In a new update shared by the company with the Maine Attorney General, the organization declared that the total number of persons affected is 895,204.

Potentially compromised information includes name, date of birth, address, Social Security number, medical information, and health insurance information.

SRHS is offering impacted individuals access to credit monitoring services provided by IDX identity theft protection for twelve months at no cost. The company is also providing guidance on preventing identity theft and fraud, including steps to report suspicious incidents and placing fraud alerts or security freezes on credit files. Additionally, they are sharing information on safeguarding against tax fraud, contacting consumer reporting agencies, and obtaining free credit reports. Singing River Health System recommends the impacted individuals to be vigilant by reviewing account statements and monitoring credit reports. Individuals are encouraged to report any incidents of identity theft or fraud to relevant authorities, including the Federal Trade Commission, state Attorney General, and law enforcement.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Rhysida)