North Mississippi Health Services (NMHS) is issuing notice of a recent data security incident

Notice of Data Incident
September 1, 2023 – North Mississippi Health Services (NMHS) is issuing notice of a recent data security incident. While there is no indication that information has been misused, we take our commitment to protecting the privacy of our patients seriously.

We are notifying impacted patients directly and providing information below about the event, our response and steps potentially impacted individuals can take to better protect their information, should they feel it is appropriate to do so.

What happened? On July 3, 2023, NMHS became aware of unauthorized access through an employee’s email account after a phishing email was unintentionally opened. Our Security Operation Committee (SOC) promptly shut down the system, ending the unauthorized access within 17 minutes. Upon investigation, it was determined some of the employee’s emails, which may have included attachments, were potentially accessed.

What information was affected? The information that may have been accessed was limited to patients’ names, dates of birth, primary physicians’ names and diagnoses or dispositions upon recent discharge from North Mississippi Medical Center-Tupelo. It is important to note that no financial information, Social Security numbers or electronic medical records were accessed. Additionally, there is no evidence any information has been misused.

What we are doing. We at NMHS take the security of our patient information seriously. We took immediate steps to contain the incident and our SOC promptly shut down the system. Because of the swift response and security safeguards in place, we ended the unauthorized access within 17 minutes. Our SOC and Legal, Compliance and Privacy teams conducted a comprehensive review to understand the nature and scope of what occurred, what information was impacted and to whom that information relates. We are notifying individuals who may have been impacted, as well as federal authorities. As part of our ongoing commitment to the privacy and security of protected health information (PHI), we are reviewing our existing policies and procedures and strengthening education efforts related to cybersecurity.

What affected individuals can do. Although we are unaware of any misuse of patients’ information, patients are encouraged to remain vigilant by reviewing their account statements and monitoring their credit reports for suspicious activity. Patients can order a free credit report by visiting www.annualcreditreport.com or by calling toll-free, 1-877-322-8228.

For More Information. If you have any questions, please contact NMHS Compliance Officer / Assistant Privacy Officer Jim Stanzell at [email protected] or (662) 377-4148 or (888) 246-2808.