Singing River Health System Investigating Cyberattack
Singing River Health System, the largest health system on the Mississippi Gulf Coast, has announced that action has been taken to address a cyber incident, which was identified in the early stages of the attack. Per its incident response procedures, internet access was cut while the incident was investigated, and access to the MyChart patient portal was temporarily blocked. The threat was determined to have been mitigated, as access to the MyChart portal has now been restored.
The investigation into the incident is ongoing, and it has yet to be determined if the attack was blocked in time to prevent unauthorized access to patient records. This is the second known attack on the health system in the past two years. In 2023, the health system experienced a Rhysida ransomware attack that involved unauthorized access to the protected health information of 895,000 individuals.
Consonus Healthcare Services, Oregon
Consonus Healthcare Services in Milwaukie, OR, part of the senior living chain Marquis Companies, has experienced a data breach affecting approximately 4,800 individuals. The incident was detected on August 17, 2025, and the investigation confirmed that the unauthorized access commenced on August 9, 2025. The incident is not shown on the HHS’ Office for Civil Rights website because the breach only involved unauthorized access to the personal information of current and former employees and job applicants rather than protected health information. Data compromised in the incident included names, Social Security numbers, and other sensitive personal information.
A lawsuit has recently been filed in the U.S. District Court in Portland by a former employee, who was informed that his data was stolen in the incident. The lawsuit claims that it took Consonus Healthcare Services three months to issue data breach notifications to the affected individuals and that it only offered short-term credit monitoring services. The lawsuit alleges that the cyberattack occurred as a result of the failure to implement appropriate cybersecurity measures, there was insufficient monitoring for intrusions, and industry-standard best practices were not followed.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Dentistry One, New Jersey
Metuchen, New Jersey-based Dentistry One, a virtual-first dental care and telehealth provider, has disclosed a recent security incident that may have involved unauthorized access to patient data. The substitute breach notice sent to the Massachusetts Attorney General is light in detail and doesn’t state the cause of the data breach.
The notice states that the compromised information included names, Social Security numbers, and driver’s license numbers, and that the unauthorized party responsible was identified and signed a termination certificate attesting that the data has been deleted and has not been misused. The affected individuals have been offered complimentary credit monitoring and identity theft protection services. The scale of the data breach has yet to be announced. Dentistry One said it has taken steps to prevent similar incidents in the future, including revising its technical security measures and procedures.
