Anubis ransomware gang claims credit as Mississippi hospital reveals attack impacted 54K patients
A health system in Mississippi has revealed a December 2025 data breach of its network resulted in records on 53,888 patients being stolen by hackers. Meanwhile, an infamous cybercrime cell has claimed credit for the attack, posting proof on the dark web.
Last month, Singing River Health System reported official numbers from the incident to the U.S. Department of Health and Human Services’ Office for Civil Rights, which operates a data breach tracker. This came after an investigation into what it called a “cybersecurity incident” that staff at Singing River discovered a few days after cybercriminals were already inside its network.
According to the health system, which said it worked with a third-party cybersecurity firm on its investigation, its network was compromised from Dec. 19-21, 2025, before the unauthorized access was discovered and containment protocols were deployed.
In February 2026, the three-hospital community health network confirmed sensitive patient data was accessed by nefarious actors. Stolen data included contact information, Social Security numbers, dates of birth, IDs, details on patient treatment, diagnostic test results, lists of medications, bank account information, health insurance numbers and provider names.
Known victims were notified and advised to check their financial records for any sign of unusual activity and encouraged to sign up for complimentary credit monitoring offered by Singing River. In turn, the health system confirmed it had implemented security upgrades on its end, in hopes of thwarting a similar attack.
As for the measures it had in place prior to the hack, the cybercriminal gang behind the attack challenges the notion that they were adequate.
Enter Anubis
Researchers at Comparitech released a report last week showing that Anubis—a cybercrime group known for its ransomware attacks against healthcare entities—had claimed credit for the data breach in a post on its own dark web leak site.
The group claims to have 293 GB of data from Singing River, containing sensitive patient information. It posted samples to prove it had the goods, including what Comparitech described as “intimate images of surgeries and injuries.”
Anubis claims to have over 1.2 million files.
As for how it gained access, the cybercriminals accused Singing River of deploying lax security—systems that have received very little upgrade since the hospital network was last hacked in 2023.
That incident exposed records on over 895,000 people and also involved the deployment of ransomware. Another cybercrime cell took credit for that attack.
If Anubis is to be believed, little changed over the two years between data breaches. Singing River has not commented on the Anubis post, and the vector the organization used for the data breach remains a mystery.
Anubis, whose membership and identities remain unknown, has claimed credit for 35 ransomware attacks in 2026 so far, 17 of which were on American healthcare entities.
HeathExec reached out to Singing River for comment.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.