Singing River ransomware impact larger than initially thought


A Mississippi healthcare provider has recently provided updates on a ransomware attack that occurred almost 10 months ago.

The ransomware attack forced several hospitals to go offline and manually process patient care for several days, exposing a trove of sensitive patient data.

Singing River started contacting individuals impacted by the August ransomware attack, which severely affected the US hospital system. According to the breach notification letter, which Singing River submitted to the Maine Attorney General, attackers roamed the company's systems for over 48 hours in late August of 2023.

Initially, Singing River believed that the cyberattack only impacted approximately 250,000 individuals – now, the number of victims has risen to almost 900,000.

The patient information accessed by the threat actor includes:

  • Names
  • Dates of Birth
  • Addresses
  • Social Security numbers
  • Medical information
  • Health information

Singing River still states that there is no evidence that any of the data accessed has been misused.

However, individual healthcare data can be sold for hundreds of dollars on dark web forums. For example, malicious actors can use medical details for medical identity theft, a type of fraud where threat actors use stolen information to submit forged claims to Medicare and other health insurers.

Meanwhile, other personally identifiable information (PII) may be used to commit fraud, from identity theft and phishing attacks to opening new credit accounts, making unauthorized purchases, or obtaining loans under false pretenses.

Who’s behind the attack?

The Rhysida ransomware gang, which was behind the attack, breached several hospitals in the late summer of 2023. Three Singing River hospitals and a dozen medical clinics were affected. Singing River's laboratory and radiology testing facilities were forced to work using paper-order tests and radiology exams due to the attack.

The ransomware gang claims to have leaked 80% of the data they collected, allegedly including roughly 420,000 files or 754GB of data, according to Carol Volk of BullWall, a ransomware protection company.

“Hospitals and healthcare systems are prime targets for cybercriminals. The Rhysida ransomware gang claims to have leaked 80% of the data they stole, highlighting the immense challenges of protecting health information. Singing River Health System, with its extensive network of hospitals, clinics, and specialty centers, illustrates the vast attack surface and the inherent vulnerabilities within such a complex IT infrastructure,” Volk said.

“The fallout from such breaches is catastrophic, not only in terms of financial loss but also in the erosion of patient trust and the potential delay or cancellation of critical medical treatments.”