1. Home
  2. States
  3. Mississippi

Mississippi

Table of Contents

Data breaches happen when an individual or a business's systems are infiltrated by an unauthorized party to steal sensitive or personal data. This information is highly valued in criminal circles for various reasons. Attacks may be perpetrated by email hacking, denial of service or ransomware, malware, phishing, and stealing identities. The population of Mississippi is on the lower end, though the problem is prevalent in the state. It was ranked 35th in number of victims affected in 2023. During the same year, the associated loss was $32,144,078. Most of the targeted areas in the state were the healthcare and educational sectors.

Identity Theft Statistics

Identity Theft
Reports
16TH
State Rank (Reports per 100K Population)
4,714
Identity Theft Reports
Fraud & Other
Reports
41TH
State Rank (Reports per 100K Population)
15,041
Total Fraud & Other Reports
Fraud
Losses
$7.6M
Total Fraud Losses
$276
Median Fraud Losses

Top Ten Report Categories

Identity Theft
24%
Imposter Scams
16%
Telephone and Mobile Services
8%
Prizes, Sweepstakes and Lotteries
6%
Credit Bureaus, Iformation Furnishers and Report Users
6%
Banks and Lenders
5%
Debt Collection
5%
Online Shopping and Negative Reviews
5%
Auto Related
3%
Internet Services
2%

Top Identity Theft Types

41%
4,852
Other Identity Theft
32%
3,763
Credit Card Fraud
12%
1,471
Loan or Lease Fraud
5%
615
Bank Fraud
5%
539
Employment or Tax-Related Fraud
4%
454
Phone or Utilities Fraud
2%
195
Government Documents or Benefits Fraud

Mississippi's Recent Biggest Data Breaches

2023
November

Pharmacy Group of Mississippi Data Breach

The Pharmacy Group of Mississippi discovered a breach from unauthorized parties on their network. The breach entailed protected health information following a hacking event. However, the leaked data types have yet to be confirmed. On completing their investigation, the organization also sent breach notification letters to those affected by the incident. Thirteen thousand one hundred twenty-nine individuals were affected due to the data breach incident. Those affected were advised to implement credit monitoring or identity theft protection services for twelve months.

2023
August

Singing River Health System Data Breach

In August 2023, the Singing River Health System had a ransomware attack that restricted access to its electrical medical records. This disrupted most of its operations, though care continued to be provided to patients. After discovering that the system was compromised, the healthcare institution initiated an investigation to assess which information was leaked. They found that names, birth dates, Social Security numbers, and health data were stolen. The Singing River Health network also sent all affected data breach notification letters following the breach. These were 252,890 in number. Affected patients were also provided complimentary credit monitoring and identity theft protection.

2022
March

Mississippi Sports Medicine and Orthopaedic Centre Data Breach

In March 2022, the MSMOC discovered suspicious activity on their network due to an unauthorized encryption of certain information. It immediately secured the system, and an investigation began with the assistance of external cybersecurity specialists. It was determined that the suspicious activity was related to employee email accounts, which were logged into by a cybercriminal between January and March 2022. The investigation also revealed that certain forms of information were breached, including names, birth dates, contact details, medical record data, prescriptions, and diagnoses. MSMOC indicated they were taking the event seriously and had taken steps to restore operations to secure their systems. Notices were also issued to all who were affected by the event.

2021
December

Horne, LLP Data Breach

In December 2021, Horne LLP identified suspicious activity on their computer network, indicating a data breach. Horne immediately reviewed the compromised documents to assess which information had been leaked and the affected clientele. The exposed information varied from names, addresses, Social Security numbers, clinical details, health insurance, and medical records. In January 2024, Horne also sent out data breach notification letters to all affected by the incident. Horne

LLC indicated they were committed to securing health information and implementing additional safeguards for their client's privacy. The affected were given a complimentary year of free credit monitoring and identity theft resolution.

2021
April

Cancer Centre Of Greenwood Data Breach

The Cancer Centre of Greenwood Hospital's associate, Elekta Incorporated, experienced unauthorized access to their database. This incident occurred in April 2021, and a forensic investigation was initiated to determine the extent of the damage. It determined names, Social Security numbers, birth dates, medical diagnoses, treatment data, and appointment confirmations were exposed. The compromised parts of the system were subsequently shut down to protect both patient and consumer information and prevent unsanctioned access to Elekta's networks. CCG also notified patients concerning the security breach, and Elekta provided complimentary access to identity monitoring.

What Should You Do if You Are in a Breach?

Unfortunately, data breaches are pretty common now, considering our online connections and dependence on digital service delivery. Criminals work in the shadows to steal your personal information, so sometimes, it's only when you notice certain signs that ongoing fraud becomes apparent. These danger signs apply to both individuals and businesses.

Unfamiliar
Credit Card Charges

If you find unauthorized transactions on your credit card, there is a significant possibility your phone number, email address, or card number has been compromised.

Calls from
Debt Collectors

Phone calls or letters from collection agencies seeking debt payment for a loan you do not remember taking are also signs of identity theft.

New Credit Cards
or Loans in Your Name

A new line of credit in your name or a loan taken is a warning sign you are a victim of identity theft.

Surprise Credit
Score Drops

Sudden credit drops with no obvious cause are a sign of suspicious activities.

Unusual Activity on Your
Social Security Account

The federal government also considers social security numbers personal identifiers, so check your social security statement regularly to ensure no one has access to benefits without consent.

Inability to
Sign-in to Accounts

If you are locked out of the account, it is usually because someone has hacked into it and changed the password. You should immediately try all possible recovery options and contact customer support if all fails.

Step-by-Step Process for Responding to a Data Breach

01

Contact Local Law Enforcement

As an individual or a business, report the incident to the police and file a police report.

02

Assess and Secure Compromised Areas

Identify which aspects of your information have been affected, such as emails, passwords, credit card numbers, social security numbers, full names, and phone numbers.

03

Contain the Breach

Isolate the affected system to prevent further damage.

04

Create New, Strong Passwords for All Accounts

This may involve changing usernames and passwords for compromised platforms, using strong passwords with a mix of upper and lower-case letters, digits, and special characters.

05

Notify Affected Institutions

Inform your bank, credit card companies, and other affected institutions. Request they close or freeze any accounts that may be implicated in the breach to reduce financial risk.

06

Update Security on Digital Accounts

Change passwords for all accounts affected by the breach. Make sure each password is totally unique, and you use two-factor verification as an additional layer of security.

07

Check for Malware

Examine your computers and mobile devices for installed malware. Install robust antivirus software to detect and remove any viruses or malicious software.

08

Freeze Your Credit

In cases of identity theft, contact all credit bureaus to freeze your credit.

09

Monitor Your Mail and Credit Reports

Keep an eye out for any unauthorized changes in your mail.

10

Engage Legal Assistance When Applicable

If you are a business, consider hiring a law firm experienced in handling data breaches.

Responsibilities of Companies that Have Been Breached

Entities in Mississippi are required to maintain security and integrity in their data operations. In a data breach, businesses must notify all affected personnel. According to Mississippi state regulations, personal information is defined as the names of an individual in combination with driver's license data, account numbers, credit cards, and Social Security. Personal information does not include publicly available data from local, federal, or state agencies.

Entities are required to report breaches to those affected without any unreasonable delay. That is provided the notification is not contravened by an ongoing law enforcement investigation. The allowed means of notification include written telephone and email modes. If the cost of issuing notices to the affected is higher than $5,000 or more than 5,000 people are victims, then a substitute notice can be issued. Substitute notices may be in the form of notification of statewide media, emails, or a conspicuous posting on the business website. Sent data breaches include the business's name and contact details, description of the breach, and compromised information types.

There are exceptions that are given for organizations that have a notification policy. If it maintains its notification procedures as part of the security protocol for the treatment of personal information and whose doings are consistent with the statute's timing requirements, it would comply with notification obligations in Mississippi. Failure to adhere to the stipulations of the regulations in Mississippi will mean unfair trading practices. These violations will require remedies enforced by the state attorney general.

Laws

  • Mississippi House Bill 583 requires businesses to provide notice of a security breach in case of an incident. It also allows a notice to be delayed for a reasonable time if it impedes a criminal investigation.
  • Mississippi Code Title 75. Regulation of Trade, Commerce, and Investments deals with unfair methods of competition affecting commerce or deceptive trade practices. That prohibits unfair trade practices. Action may also be brought under subsequent section 75-24-5(1)

Resources

Table of Contents