BleepingComputer reports the disclosure by the Singing River Health System in Mississippi that 895,204 individuals were affected by a ransomware attack that took place in August 2023.
Click for more special coverage
The ransomware attack, which was announced on Aug. 19, 2023, triggered operational disruptions and enabled data theft. Initially, the breach was reported to have affected 501 individuals. Singing River confirmed data exfiltration in September 2023 and identified 252,890 affected individuals by December 2023, until the latest and possibly final estimate provided to Maine's authorities revealed the true scale of the breach.
The compromised data includes personal information such as names, dates of birth, physical addresses, Social Security numbers, and medical details. Despite the breach, there is no evidence that the exposed data has been used for identity theft or fraud. Singing River had offered affected individuals 24 months of credit monitoring and identity restoration services through IDX.
The Rhysida ransomware gang, which has made a name for targeting healthcare providers, subsequently claimed responsibility for the attack and leaked around 80% of the stolen data, amounting to 420,766 files totaling 754 GB.
