The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023.
Singing River Health System is a major healthcare provider located in Mississippi, operating the Singing River Hospital in Pascagoula, Ocean Springs Hospital, and the Singing River Gulfport Hospital, collectively providing over 700 beds.
The health system, which employs over 3,500 people, also operates two hospices, four pharmacies, six imaging centers, ten specialty centers, and twelve medical clinics in the Gulf Coast region.
On August 19, 2023, Singing River announced that it had been targeted by a sophisticated ransomware attack, which resulted in operational disruptions at its hospitals and potentially data theft.
Singing River was added to the HHS’ Office for Civil Rights breach portal in late August, with a temporary figure of 501 impacted individuals.
On September 13, 2023, the healthcare organization confirmed that data had been exfiltrated from its systems, and on December 18, 2023, it announced that the incident impacted 252,890 people.
The latest and presumably final update on the estimate of exposed individuals came yesterday, with Singing River now saying to Maine’s authorities that 895,204 people were impacted.
According to the latest information in the data breach notice and also the latest update on the organization’s site, the exposed data includes:
- Full name
- Date of birth
- Physical address
- Social Security Number (SSN)
- Medical information
- Health information
Singing River said there is no evidence that any of the exposed data was used for identity theft or fraud, and it offers 24 months of credit monitoring and identity restoration services through IDX to all letter recipients.
The attack was claimed by the Rhysida ransomware gang, which is notorious for attacking healthcare service providers, most recently, even children’s hospitals.
The threat actors have so far leaked roughly 80% of the data they claim to hold from the breach at Singing River, which allegedly includes a catalog of 420,766 files totaling 754 GB in size.
Considering this exposure, impacted people are recommended to enroll in IDX’s services as soon as possible, treat unsolicited communications with caution, monitor all accounts for suspicious activity, and consider placing a security freeze on their credit report.