OCH Regional Medical Center reports 50K breach

OCH recently filed a data breach notice with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR).

What happened

On March 11th, 2025, OCH Regional Medical Center reported that 51,266 individuals had been impacted by a data breach, which allowed an unauthorized third party to access consumers’ sensitive information. So far, OCH has reported very limited information, with the only notice provided to the HHS. OCH has not provided a website notice or the letter sent to impacted patients. 

Going deeper

OCH has been a medical center for nearly 50 years, providing a variety of care to patients throughout Mississippi.

While little is known about the breach, OCH has likely completed its investigation. According to the HHS, the breach is listed as due to unauthorized access/disclosure. As aforementioned, it’s believed that an unauthorized individual or organization accessed the network. This individual may have had malicious intentions, but it also could have been a mistake, such as sending a report to someone who is not authorized to view it. In recent years, it’s become fairly common for third parties, such as billing companies or insurance agencies, to be breached. In those situations, the vendors usually communicate with the impacted hospitals to notify victims of the incident. 

The big picture

Data breaches like the one at OCH can easily fly under the radar for patients, who are unlikely to be regularly monitoring the HHS for breach notices. These patients will have to wait to receive a lettered notice, which may be further complicated if the hospital no longer has the patient’s current home address. These incidents highlight the importance of timely communication with patients. 

As the incident unfolds, we will likely learn more information, such as what information was breached, who is responsible for the attack, and if OCH may face any legal repercussions.  

Related: HIPAA Compliant Email: The Definitive Guide

FAQs

Why do we know so little about the breach? 

Many hospitals handle data breaches differently from one another. Often, information only becomes public after the investigation is complete and the victims are aware of the situation. Some hospitals do this to ensure the investigation runs smoothly, while others may want to prevent bad publicity. 

Could this data breach lead to a class action lawsuit? 

Any data breach impacting a large number of individuals could potentially lead to a class action lawsuit. Currently, multiple firms are investigating the breach at OCH, but since information is still coming out, it will take some time for a case to come to fruition, if one does. Regardless, class action suits can be expensive and time-consuming for medical centers to respond to.