Singing River Data Breach Exposes PHI and PII

Singing River Health System, a Mississippi health care organization that provides medical care through a network of hospitals, clinics, specialty centers and hospice services, disclosed a data breach involving patient information.

Singing River Health System began notifying affected patients on May 19, 2026. The company posted a notice of the data security incident on its website.

The total number of patients affected by the breach has not been disclosed.

Between Dec. 19 and Dec. 21, 2025, an unauthorized party gained access to Singing River Health System's computer network.

An investigation revealed that the unauthorized party had accessed certain files within the health system's network that contained patient information. A review of the affected files found that the information compromised contained a broad range of sensitive information, including both personally identifiable information (PII) and protected health information (PHI).

The PII exposed in the breach included names, contact information, Social Security numbers, driver's license numbers, dates of birth and bank account information.

The PHI exposed included health insurance information, provider names, internal patient identification numbers, dates of service, medication information and treatment or diagnostic information.

Singing River Health System's response to the breach

The company began mailing notification letters to patients whose information was involved in the breach.

Singing River Health System recommended that patients carefully review statements they receive from their health care providers and health insurance plans for any unfamiliar charges or services.

The health system has set up a dedicated incident response line to answer questions from affected patients. The phone number is 844-953-3015, and the line is available Monday through Friday from 8 a.m. to 11 p.m. and Saturday from 9 a.m. to 6 p.m. Eastern Time, except for major U.S. holidays.