Singing River Health System in Mississippi has issued an update on a cybersecurity incident that was first announced in December 2025, shortly after the attack was detected. In the updated breach notice, Singing River Health System explained that its investigation revealed an unauthorized third party had access to certain computer systems between December 19, 2025, and December 21, 2025. On February 10, 2026, Singing River Health System confirmed that the unauthorized individual had access to files containing patient information. The file review has recently concluded and revealed that the exposed data included names in combination with one or more of the following: contact information, Social Security numbers, driver’s license numbers, dates of birth, diagnostic/treatment information, medication information, dates of service, bank account information, health insurance information, provider names, and internal patient identification numbers. Singing River Health System said it will continue to implement and evaluate enhanced safeguards and security measures to further protect its systems. The affected individuals have been advised to review the statements they receive from their healthcare providers and insurers for any services that have not been received. The incident has recently been reported to the HHS’ Office for Civil Rights as affecting 53,888 individuals. Adams County Memorial Hospital Adams County Memorial Hospital has notified the HHS’ Office for Civil Rights about a breach of the protected health information of 5,305 individuals. The data was exposed as a result of an employee responding to a phishing email, which allowed an unauthorized third party to gain access to the employee’s email account on December 22, 2026. The breach was confined to the email account. The electronic medical record system was not affected. The investigation confirmed that the account contained personal and protected health information such as names, addresses, dates of birth, Social Security numbers, dates of service, diagnoses, charges, and health insurance information. In response to the incident, additional security protocols have been implemented to protect against future phishing incidents, and additional education has been provided to employees on phishing and malicious email identification. As a precaution against identity theft and fraud, the affected individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months. Central Kansas Mental Health Center Central Kansas Mental Health Center in Salina, KS, has experienced a cybersecurity incident that exposed patient data. The incident was first identified on September 26, 2025, when suspicious activity was observed within its computer network. Immediate action was taken to contain the incident, and an investigation was launched to determine the nature and scope of the unauthorized activity. The investigation confirmed that an unauthorized third party accessed its network and likely exfiltrated files containing patient data. The files are being reviewed to determine the types of data involved and the individuals affected. Central Kansas Mental Health Center first announced the data breach via its website in November 2025, confirming that credit monitoring and identity theft protection services are being made available. Central Kansas Mental Health Center has not identified any misuse of the exposed data to date. The incident has yet to be added to the HHS’ Office for Civil Rights breach portal, so it is currently unclear how many individuals have been affected. The post Singing River Health System: 54K Individuals Affected by December Cyberattack appeared first on The HIPAA Journal .
Originally published at hipaajournal.com
