The Mississippi-based health system is working to investigate a recent breach.
Singing River recently announced via Facebook that they were experiencing a potential hack. According to a local news report, around December 23rd, Singing Health identified a “potential cyber incident in its early stages.” In response to the incident, the health system immediately took action by shutting down certain systems, including Internet access. The health systems also stated they were experiencing intermittent phone issues and issues accessing MyChart.
Despite the disruptions, Singing River said they would remain open and operating procedures as scheduled. Some patients reported on Facebook that they were receiving notices of delayed appointments. By 6:45pm on December 23rd, Singing River announced they were fully operational again.
The incident at Singing River is not the only cybersecurity issue the massive health system has faced in recent years. In August of 2023, the organization faced a breach that impacted approximately 895,204 individuals. Considering Singing River serves over 100,000 individuals each year, their data system is likely huge. The health system operates a total of 3 hospitals and 10 clinics, making it the second largest employer on the Mississippi Gulf Coast. The incident was claimed by the Rhysida Ransomware Group, which provides Ransomware-as-a-Service.
Catching a cyberattack before threat actors steal data prevents the breach from being successful. While the incident was very short-lived, it’s unclear if any data may have been viewed or accessed. Despite Singing River’s quick response to the incident, it’s important for organizations to be proactive and prevent breaches before they can occur. Since Singing River had to take some systems down or experienced disruptions, it’s likely that the threat actors were in the midst of accessing data or further infiltrating Singing River’s systems.
Any incident–even if it is not a full-blown breach–can have legal, financial, and logistical implications for organizations. In this case, some patients are losing trust in Singing River, as noted in the Facebook comments when the health system announced some systems were done. One commenter immediately stated the organization had been “hacked again.” According to one Paubox report, trust is critical for the longevity and reputation of any healthcare service provider.
RaaS is a business model where highly-skilled threat actors create ransomware programs that are then sold to other criminals, making it easier for less skilled actors to successfully hack into organizations.
Currently, there’s no reason to believe the attacks are connected. However, once an organization has been successfully victimized (especially if that organization paid a ransom), it can make them prone to becoming a victim in the future. It’s unknown if Singing River ever negotiated with Rhysida or paid a ransom.