North Mississippi Health Services

After an employee mistakenly clicked a phishing email, North Mississippi Health Services was able to quickly detect and stop the attack. They later identified unauthorised access to the employee's email account.

The compromised information includes patients’ names, dates of birth, primary physicians’ names, and diagnoses or dispositions upon recent discharge from North Mississippi Medical Center-Tupelo.

No indication of misuse, according to NMHS, and they are alerting all impacted patients and regulatory bodies.

Source: https://www.databreaches.net/kudos-to-north-mississippi-health-services-for-fast-detection-and-disruption-of-attack/

TPRM report: https://scoringcyber.rankiteo.com/company/north-mississippi-health-services

"id": "nor22513923",
"linkid": "north-mississippi-health-services",
"type": "Data Leak",
"date": "07/2023",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"

{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'Tupelo, Mississippi',
                        'name': 'North Mississippi Health Services',
                        'type': 'Healthcare'}],
 'attack_vector': 'Phishing email',
 'customer_advisories': ['alerting all impacted patients and regulatory '
                         'bodies'],
 'data_breach': {'personally_identifiable_information': ['patients’ names',
                                                         'dates of birth',
                                                         'primary physicians’ '
                                                         'names',
                                                         'diagnoses or '
                                                         'dispositions upon '
                                                         'recent discharge'],
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Personal Information',
                                              'Medical Information']},
 'description': 'After an employee mistakenly clicked a phishing email, North '
                'Mississippi Health Services was able to quickly detect and '
                'stop the attack. They later identified unauthorised access to '
                "the employee's email account. The compromised information "
                'includes patients’ names, dates of birth, primary physicians’ '
                'names, and diagnoses or dispositions upon recent discharge '
                'from North Mississippi Medical Center-Tupelo. No indication '
                'of misuse, according to NMHS, and they are alerting all '
                'impacted patients and regulatory bodies.',
 'impact': {'data_compromised': ['patients’ names',
                                 'dates of birth',
                                 'primary physicians’ names',
                                 'diagnoses or dispositions upon recent '
                                 'discharge'],
            'systems_affected': ["employee's email account"]},
 'initial_access_broker': {'entry_point': 'Phishing email'},
 'post_incident_analysis': {'root_causes': ['Human error']},
 'regulatory_compliance': {'regulatory_notifications': ['alerting all impacted '
                                                        'patients and '
                                                        'regulatory bodies']},
 'response': {'communication_strategy': ['alerting all impacted patients and '
                                         'regulatory bodies']},
 'title': 'Phishing Attack at North Mississippi Health Services',
 'type': 'Phishing',
 'vulnerability_exploited': 'Human error'}