Cyber Incident Victim: Memorial Hospital at Gulfport

On or around February 15, 2019, Memorial Hospital at Gulfport disclosed a phishing incident that compromised an employee email account, exposing protected health information of approximately 30,000 patients. Unauthorized third parties gained access to the email account, which contained patient names, dates of birth, medical care details, and health insurance information. A subset of these records included Social Security numbers, though the hospital characterized this more sensitive exposure as affecting a "limited number" of individuals. The hospital did not specify the exact timeframe of unauthorized access or the duration between intrusion detection and public disclosure. Janet Stuart, the hospital's manager of marketing and communications, confirmed the scope of impacted data categories through an official news release.

Memorial Hospital responded by offering complimentary credit monitoring and identity protection services specifically to patients whose Social Security numbers were exposed. The institution published a formal breach notification on its website and coordinated with external media outlets to disseminate information about the incident. No operational disruptions to healthcare services or additional compromised systems beyond the single email account were reported. The hospital did not disclose whether law enforcement agencies were involved in investigating the breach or whether regulatory fines resulted from the incident. Patient data exposure was confined to information contained within the compromised email account, with no evidence suggesting broader network infiltration or data exfiltration through other means.