Kudos to the North Mississippi Health Services for rapid detection and interruption of a phishing attack.
In a website notice dated September 1, NMHS explains that on July 3, they discovered unauthorized access through an employee’s email account after a phishing email was unintentionally opened.
“Our Security Operation Committee (SOC) promptly shut down the system, ending the unauthorized access within 17 minutes. Upon investigation, it was determined some of the employee’s emails, which may have included attachments, were potentially accessed.,” they write.
The information in the attachments that may have been accessed was limited to patients’ names, dates of birth, primary physicians’ names, and diagnoses or dispositions upon recent discharge from North Mississippi Medical Center-Tupelo.
NMHS reports there is no evidence of misuse, and that they are notifying all affected patients and regulators.
You can read their entire website notice at https://www.nmhs.net/policies-notices/notice-of-data-incident/. And while they did not prevent the attack, their rapid detection and response really limited an attack that could have been much worse, so congratulations to them on that.