Mississippi healthcare provider reports data breach impacting over 50,000 people

Mississippi-based healthcare provider Singing River Health System said a data security incident it suffered in 2025 compromised the sensitive personal information of more than 50,000 individuals.

 

Singing River Health System is a not-for-profit healthcare provider serving the Mississippi Gulf Coast. Founded in 1931, it operates three main hospitals — Ocean Springs Hospital, Singing River Hospital in Pascagoula, and Singing River Gulfport — and offers comprehensive medical services, including emergency, cardiovascular, cancer, and rehabilitation care.

 

In a data security incident notice published on its website, SRHS said that it recently identified unauthorised access to its internal network and immediately launched an investigation, with assistance from external cyber security experts, to determine the nature and scope of the incident.

 

It also took steps to secure the affected network and notified relevant law enforcement authorities about the incident.

 

“The investigation determined that the unauthorised party accessed SRHS’s systems between December 19, 2025 and December 21, 2025. Through this investigation, on February 10, 2026, we learned that the unauthorised party had accessed certain SRHS files that contained patient information,” SRHS said.

 

The compromised data included names, contact information, Social Security numbers, driver’s license numbers, dates of birth, bank account information, health insurance information, provider names, internal patient identification numbers, dates of service, medication information, and treatment and/or diagnostic information.

 

In a filing with the U.S. Department of Health and Human Services Office for Civil Rights, SRHS said that it has identified at least 53,888 individuals whose data was compromised during the data security incident.

 

“To help prevent a similar incident, we will continue to implement and evaluate enhanced safeguards and security measures to further protect our systems, and continue to provide security training to our employees,” SRHS added.

 

The healthcare provider has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general. 

 

At the time of publishing, no known hacker group claimed responsibility for the cyber attack on SRHS. The healthcare provider also did not share details on who was behind the attack, how much data was compromised, or whether it had received a ransom demand.