25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Mississippi Health System Investigating Cyberattack

Posted By on Aug 23, 2023

Singing River Health System in Mississippi, which operates Pascagoula Hospital, Ocean Springs Hospital, and Gulfport Hospital, detected unusual activity within its IT systems last week and is investigating a potential cyberattack. On Monday, the health system took its IT systems offline to preserve system integrity and downtime procedures remain in place.

Shannon Wall, SRHS Chief Marketing Officer, said “We are working diligently with third-party specialists to investigate the source of this disruption and to confirm its impact on our systems as soon as possible. We have also engaged with the appropriate law enforcement authorities.” She also confirmed that the IT security team is working around the clock to investigate the incident, ensure systems are secured, and will start bringing systems back online when it is safe to do so. A timeline has not been provided on when systems will be restored. Further details on the nature of the attack, such as if this is a ransomware incident, have not been released. The health system is continuing to see patients but there are delays due to the lack of access to IT systems. Radiology services at its clinics have been halted, although will continue at its hospitals.

Update: On September 13, 2023, the health system confirmed that the threat actor behind the attack exfiltrated limited data from its systems. In an October 18, 2023, update, the health system said it is still investigating the extent to which patient information was affected and the number of individuals involved. To meet breach reporting requirements, the breach has been reported to the HHS’ Office for Civil Rights as affecting at least 501 individuals. the total will be updated when the investigation concludes.

On December 18, 2023, Singing River Health System confirmed that 252,890 patients had their data compromised in the incident and notification letters were mailed on January 12, 2023. Further information is available in this post.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

MOVEit Hacking Victims

More healthcare organizations have confirmed they have been affected by the mass exploitation of a zero day vulnerability in the MOVEit Transfer file transfer solution by the Clop hacking group. The vulnerability was identified on May 31, 2023, and a patch was released that day by Progress Software; however, the vulnerability had already been exploited and data exfiltrated by the Clop threat actors.

The Harris Center for Mental Health and IDD

The Harris Center for Mental Health and IDD in Houston, TX, has recently confirmed that the protected health information of 599,367 individuals was compromised in the attack. The Harris Center does not use the MOVEit Transfer solution; however, one of its service providers did and had data stolen. The internal investigation confirmed on August 9, 2023, that the compromised protected health information included names, addresses, dates of birth, Social Security numbers, and health insurance information. The Harris Center started sending written notifications to the affected individuals on August 17, 2023.

UofL Health

UofL Health in Louisville, KY, said its internal investigation confirmed on June 21, 2023, that the hackers gained access to files that contained patient names, addresses, dates of birth, patient account numbers, dates of service, member ID numbers, and Social Security numbers. The affected individuals have been notified by mail and have been offered complimentary credit monitoring and identity theft protection services. UofL Health has reported the breach to the appropriate authorities, but it is currently unclear how many patients have been affected.

Baesman Group, Inc.

The Baesman Group, Inc., a Hilliard, OH-based provider of CRM, customer loyalty, and marketing services, confirmed it had been affected by the MOVEit hacks, and had data stolen on May 29, 2023. Notification letters are being sent to the 4,000 individuals that were affected. The substitute breach notification on its website does not state what types of data were stolen in the attack.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist