Possible Cyberattack Brings Rural Mississippi Health System Offline

By Jessica Davis

Rural provider Singing River Health System in Biloxi, Mississippi is currently operating under downtime procedures, after the IT security team detected unusual network activity. All signs point to a cyberattack, according to local news outlet WLOX.

SRHS is a leading healthcare provider serving Jackson County Mississippi and communities along the Gulf Coast. The health system is continuing to see patients and its website remains fully operational. There’s no alert posted to social media or its website.

However, a spokesperson for SRHS told WLOX that its IT leaders are working closely with an outside firm to investigate the cause of the disruption and confirm just what systems have been impacted. Law enforcement is also supporting these efforts.

The health system is also working to determine a timeline for the outages, as well as the impacted systems. For now, the clinical teams are working to ensure patients receive high quality care, based on previously implemented protocols that allow for care to continue during periods of downtime.

While the cause of the outage appears to be a cyberattack, officials declined to confirm.

Its website notes SRHS, like many other rural providers is facing a number of critical challenges, including increased staffing, equipment, and technology costs. Mississippi also has the second-lowest overall healthcare ranking in the country, with an “uninsured population significantly above national averages,” according to the SRHS website.

To stymy some of these staggering hurdles, the Jackson County Board of Supervisors selected the Franciscan Missionaries of Our Lady Health System as a potential buyer of SRHS in March of this year.

As First Health Advisory noted after the closure of a rural Illinois hospital, due in part to a cyberattack, low-resourced hospitals face devasting financial and care impacts from cyber incidents, including possible delays in billing.

It’s important not to jump to conclusions, as SRHS has not yet disclosed the cause of the ongoing incident. But it should serve as yet another reminder to address crucial gaps and ensure incident response plans are implemented and well-practiced, as this is the second health system outage reported this month.

Just three weeks ago, a cyberattack against Eastern Connecticut Health Network’s parent company Prospect Medical Holdings led to systemwide IT complications – including ambulance and emergency medical service (EMS) diversion to nearby hospitals. The attack on California-based PMH spurred outages across the country, including Crozer Health in Delaware and ECHN’s Manchester Memorial Hospital and Rockville General Hospital.

ECHN is still reporting service disruptions to its outpatient medical imaging and blood draw services, as well as its phone lines, weeks after the attack. Crozer Health’s website also notes the “systemwide outages” are ongoing.

Recent reports and data confirm the threats plaguing the healthcare sector remain consistent, while impacts continue to significantly increase. The Health Industry Cybersecurity Practices provide health systems of all sizes specific details on how to prioritize remediation, while First Health offers a 405(d) assessment for enterprise and government health entities to improve security agility and simplify resource planning.