Mississippi hospital struck by phishing attack exposing data of nearly 30,000 patients

• Memorial Hospital at Gulfport, Mississippi notifies affected patients involved in the data breach.
• The attack occurred in December last year when an employee of the hospital responded to a phishing mail.

On Tuesday, Mississippi’s Memorial Hospital issued letters to around 30,000 patients that notified them of a massive data breach which occurred in December last year. The breach was the result of an earlier phishing attack.

Reportedly, one of its employees is said to have responded to a phishing mail during December 2018 that helped attackers intrude the system and compromise health information of patients. The hospital did not know of the attack until a third party contacted them a week later.

What information was affected?

The affected information includes patients' names, dates of birth, health insurance information and medical services. Some Social Security numbers were also possibly exposed as a result of the attack.

What actions were taken?

“Memorial Hospital at Gulfport is continuing to investigate this incident and anticipates notifying additional patients in coming weeks. We deeply regret any concern or inconvenience this may cause our patients. MHG takes the privacy and confidentiality of our patients’ information very seriously and is enhancing information security safeguards to help prevent an issue such as this from occurring in the future,” the hospital stated, regarding the incident.

To subdue the impact of the attack, the hospital has extended credit monitoring and identity protection services to patients affected by the breach.

Memorial Hospital has advised all patients to check with their healthcare provider as well as insurance statements for services enlisted. It also plans to provide a discourse on protecting information for those affected by the breach.