North Mississippi Health Services (NMHS) disclosed a third-party data breach at Cadence Bank, the provider of treasury management services to NMHS, revealing a MOVEit-related incident that exposed a plethora of sensitive consumer data. The compromised information encompasses names, addresses, dates of birth, Social Security numbers, driver’s license numbers, health insurance details, medical and treatment specifics, billing and claims information, as well as financial account data. Cadence Bank commenced the distribution of data breach notification letters to affected individuals following their investigation.
The incident, identified on June 1, 2023, unveiled a zero-day vulnerability in the MOVEit file transfer application by Progress Software. Cadence Bank swiftly applied available patches to mitigate the vulnerability and initiated an investigation, partnering with third-party data security experts.
Subsequent findings on June 28, 2023, confirmed that an unauthorized entity exploited the MOVEit vulnerability, accessing information stored within Cadence Bank’s MOVEit server between May 28 and May 31, 2023. The breach also allowed viewing of confidential patient information on the server. Cadence Bank notified NMHS of the breach on September 1, 2023.
Following the exposure of sensitive consumer data, both Cadence Bank and North Mississippi Health Services reviewed compromised files to ascertain the leaked information, leading to the dispatch of breach notification letters by NMHS on October 27, 2023, detailing the compromised data specific to affected consumers.
Founded in 1930 and headquartered in Tupelo, Mississippi, NMHS operates as a nonprofit integrated healthcare system, offering acute, diagnostic, therapeutic, and emergency services across hospitals and a network of primary and specialty clinics. With over 7,200 employees, the organization generates an estimated annual revenue of $1 billion.