HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Urgent care facility in Alabama announces breach

Written by Abby Grifno | Aug 24, 2025 10:26:10 PM

Southern Immediate Care, an Alabama-based urgent care facility, recently announced that it was the victim of a data breach involving employee email accounts. 

 

What happened

Southern Immediate Care recently announced a data breach on its website. According to their notice, the company identified unusual activity with an employee’s email in early April of 2025. 

Upon discovering the suspicious activity, Southern began an investigation with the assistance of cybersecurity specialists. On April 15th, they determined that two mailboxes were accessed without authorization. Information from the mailboxes may have been downloaded.

The investigation is ongoing, and while Southern believes the mailboxes contain patient information, they do not yet know what specific information is involved. Once the investigation is complete, Southern will begin notifying impacted individuals.

 

What was said

Southern stated that they are currently not aware of any misuse or attempted misuse of information. The provider stated that they take “the privacy and security of all information within our possession very seriously.” They added, “We value the trust our patients place in us…We also continue to review our internal policies and procedures and to implement further measures as appropriate.” 

 

The big picture

Data breaches at urgent care facilities can be particularly detrimental because of the life-saving care they provide. While this data breach was not disruptive, breaches can result in downed systems or operational delays, leading to delayed care. This breach appears to have originated within employee email accounts, and unfortunately, it’s fairly common for ransomware attacks to begin through this vector.

While employees generally care about cybersecurity, they may not know what to look for in email attacks or what to do if they are experiencing an attack attempt. Cybersecurity training is important for every employee who handles protected health information. Yet training alone isn’t always enough; tired or hurried employees can make simple security errors that can have an outsized impact. That’s why it’s essential to have robust email security systems, like Paubox, that minimize the risk of human error.

 

FAQs

What should an organization do following a data breach?

If an organization suspects a data breach has taken place, it should enlist the help of forensic/cybersecurity experts to identify the scope and nature of the breach. Once the organization has identified who was impacted and what information was involved, it should notify any relevant governing organizations (such as the Department of Health and Human Services or the Securities and Exchange Commission).

 

Has Southern Immediate Care provided notice to the Department of Health and Human Services?

Southern has not yet reported the breach to HHS, likely because the investigation is still ongoing.