Mississippi’s Coastal Family Health Center Falls Victim To Hacker, PHI Exposed

July 07, 2021 - The Mississippi-based Coastal Family Health Center (CFHC) is investigating a hacking attempt that tried to shut down the hospital’s computer operations and did manage to expose patients’ protected health information (PHI.) 

On July 2, CFHC, the fourth-largest community health center in Mississippi, announced that it fell victim to computer hackers on May 13, according to a CFHC statement. “That attempt (to shut hospital operations) failed and Coastal Family was still able to treat patients and provide service to the community.” 

The nonprofit serves over 35,000 patients at its 27 locations across southern Mississippi, according to its website. Those sites include two pharmacies, 12 community clinics, 12 school-based clinics, a mobile medical/dental unit, and two administrative offices. 

“Coastal Family immediately launched an investigation to determine what happened and what information may have been accessed by an unauthorized person during the incident,” the statement read.  

“On June 4, 2021 the investigation revealed that some of the files accessed contained personal information of patients. While at this time CFHC has no evidence that any information has been misused, out of an abundance of caution CFHC is providing credit and identity theft protection to its patient community.” 

The breached data included patient names, addresses, social security numbers, medical insurance information, and health and treatment information.  

"On July 2, 2021 CFHC notified potentially impacted individuals of this incident by letter and provided resources to help them protect their identities,” according to the statement.  

The healthcare provider, which was established in 1976, is working with cyber security professionals to assist with protecting patients and to change “it’s procedures to prevent such disclosures in the future,” it stated.  

For patients impacted by the data breach, there is a call center available Monday through Friday from 8:00 a.m. - 5:00 p.m. CT to answer all questions and concerns. The call center is available at 1-833-909-3915.  

“In addition, out of an abundance of caution, CFHC offered, at no cost, identity protection services through IDX to individuals whose information may have been exposed. CFHC is not aware of the misuse of any patient information resulting from this incident.”  

“We remain dedicated to protecting your personal information and apologize for any concern or inconvenience this may cause you,” CFHC stated in the release.  

CFHC is one of several health systems in the United States that recently became victims of cyber attacks on their patients’ protected health information (PHI) and operations systems.