Singing River Health System (SRHS) recently confirmed a significant data breach, affecting a total of 252,890 patients. The breach, which occurred between August 16 and August 18, 2023, was discovered during an investigation by SRHS. Despite the breach, SRHS stated that there is no evidence of any misuse of personal information at this time. However, as a precautionary measure, SRHS notified all potentially impacted individuals via mail on January 12, 2023.
In a follow-up notification on May 13, 2024, SRHS informed 25 Maine patients about the breach, providing them with an update on the situation. This notification confirmed the new estimate of affected individuals in the Maine region.
The attack on SRHS was attributed to the Rhysida ransomware group, a threat actor known for targeting various sectors, including healthcare institutions. The Rhysida group has a history of targeting healthcare systems, such as the Lurie Children’s Hospital and Prospect Medical Holdings. In addition to healthcare, the group has also been involved in cyberattacks on educational institutions, the manufacturing industry, and even the Chilean army, as documented in a report by the HHS Health Sector Cybersecurity Coordination Center.
The breached data from SRHS included personal information such as names, dates of birth, addresses, Social Security numbers, medical records, and health information of affected patients. While SRHS reassured individuals that there is no evidence of information being used for fraudulent activities, they advised patients to remain vigilant in monitoring their accounts and credit reports for any suspicious activity.
Despite SRHS’s efforts to address the breach, a report by Bleeping Computer revealed that the Rhysida group had already released 80% of the stolen data, amounting to over 420,000 files and 754 GB of data. This incident highlights the ongoing threat posed by ransomware groups and the importance of robust cybersecurity measures to protect sensitive data.
As the healthcare sector continues to be a prime target for cyberattacks, organizations like SRHS must prioritize cybersecurity and invest in preventative measures to safeguard patient information. The breach serves as a reminder of the persistent threat posed by ransomware groups and the need for collaboration between healthcare providers, cybersecurity experts, and law enforcement agencies to combat cyber threats effectively.