PHI of 30,000 Memorial Hospital Patients and 5,524 AZ Plastic Surgery Center Patients Breached

Memorial Hospital at Gulfport, Mississippi, is informing around 30,000 patients that unauthorized persons potentially accessed some of their protected health information (PHI) following a successful phishing attack.

When Memorial Hospital discovered on December 17, 2018 that there had been a breach of an employee’s email account, the account was promptly secured and an investigation was launched to determine the scale of the breach and whether patients’ PHI had been accessed.

As per the investigation results, the employee was discovered to have responded to a phishing email on December 6, 2018. This allowed the attacker to gain access emails and email attachments in the account. Memorial Hospital reported that the exposed PHI was limited to names, birth dates, health insurance details, and information regarding medical services received at the hospital. A few patients also had their Social Security numbers exposed.

Patients affected by the breach were sent notifications by mail on February 15, 2019. Patients whose Social Security numbers were exposed have been offered credit monitoring services at no charge. The investigation has not yet been completed and the hospital is expecting to notify more patients over the course of the next few weeks.

5,524 Patients of AZ Plastic Surgery Center Informed of PHI Breach

AZ Plastic Surgery Center has experienced a data breach that has impacted 5,524 patients. AZ Plastic Surgery Center, located in Tucson, AZ, discovered hackers accessed its computer systems and potentially viewed/obtained patients’ PHI. The surgery center discovered the breach on December 10, 2018.

AZ Plastic Surgery Center reported the security breach to the FBI and local law enforcement and launched an investigation, which is ongoing. Third-party computer experts were hired to investigate the breach and while they could not determine whether patient information was accessed, data access/theft could not be ruled out. No evidence of data misuse has been uncovered.


Simple Guidelines
Immediate PDF Download

Immediate Access

Privacy Policy

The hackers may have accessed the following types of information: Names, birth dates, addresses, diagnoses, prescription details, medical insurance numbers, and notes relating to procedures performed at the surgery center. The Social Security numbers and driver’s license numbers of some patients may also have been accessed.

Affected patients were sent notification letters via mail on February 8, 2019.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: