On October 27, 2023, North Mississippi Health Services (“NMHS”) posted a notice on its website describing a third-party data breach at Cadence Bank, which is a company that provides treasury management services to NMHS. Evidently, Cadence Bank experienced a MOVEit-related data breach impacting consumers’ sensitive information, which includes their names, addresses, dates of birth, Social Security numbers, driver’s license numbers, health insurance information, medical information, treatment information, billing and claims information, and financial account information. Upon completing its investigation, Cadence Bank began sending out data breach notification letters to all individuals whose information was affected by the recent data security incident.

If you receive a notification from North Mississippi Health Services discussing the Cadence Bank data breach, it is essential you understand what is at risk and what you can do about it. As we’ve discussed in previous posts, data breaches that affect the security of your SSN can be a major threat, dramatically increasing the risk of identity theft and other frauds. A data breach lawyer can help you learn more about how to protect yourself from becoming a victim of fraud or identity theft, as well as discuss your legal options following the North Mississippi Health Services / Cadence Bank data breach. For more information, please see our recent piece on the topic here.

What Caused the Cadence Bank Data Breach?

The Cadence Bank data breach was only recently confirmed, and more information is expected in the future. However, NMHS’s website notice provides some important information on what led up to the breach. According to this source, on June 1, 2023, Cadence Bank was informed that MOVEit, a file transfer application developed by Progress Software, suffered from a zero-day vulnerability.

In response, Cadence Bank implemented all available patches to limit the impact of the MOVEit vulnerability. Then, Cadence Bank began an investigation into the potential impact of the MOVEit vulnerability with the help of third-party data security experts.

On June 28, 2023, the Cadence Bank’s investigation confirmed that an unauthorized exploited the MOVEit vulnerability, giving them access to information that was stored within the Cadence Bank’s MOVEit server between May 28, 2023 and May 31, 2023. It was also determined that the unauthorized party was able to view confidential patient information stored on the MOVEit server. Cadence Bank then notified NMHS on September 1, 2023.

After learning that sensitive consumer data was accessible to an unauthorized party, Cadence Bank and North Mississippi Health Services both reviewed the compromised files to determine what information was leaked and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, address, date of birth, Social Security number, driver’s license number, health insurance information, medical information, treatment information, billing and claims information, and financial account information.

On October 27, 2023, North Mississippi Health Services sent out data breach letters to anyone who was affected by the recent data security incident. These letters should provide victims with a list of what information belonging to them was compromised.

More Information About North Mississippi Health Services

Founded in 1930, North Mississippi Health Services is a nonprofit, community-owned, and integrated healthcare system based in Tupelo, Mississippi. NMHS provides acute, diagnostic, therapeutic and emergency services through a Level 2 trauma center. NMHS also operates hospitals in Amory, Eupora, Iuka, Pontotoc and West Point, Mississippi, and Hamilton, Alabama, as well as a network of more than 45 primary and specialty clinics, nursing homes and telehealth services. North Mississippi Health Services employs more than 7,200 people and generates approximately $1 billion in annual revenue.