In the early morning hours of January 25, 2024, Group Health Cooperative of South Central Wisconsin (GHC-SCW) identified unauthorized access to their network. Their Information Technology (IT) Department purposefully isolated and secured their network, causing several of their systems to be temporarily unavailable. The attacker attempted to encrypt GHC-SCW’s system but was unsuccessful.
As part of their response effort, they reported the incident to the Federal Bureau of Investigation (FBI) and hired outside cyber incident response resources to assist them in restoring and verifying the security of their network and systems, and to investigate the attack. These resources successfully allowed GHC-SCW to bring their systems back online methodically and safely.
On February 9, 2024, during their investigation, they discovered indications that the attacker had copied some of GHC-SCW’s data, which included protected health information (PHI). The PHI that the attacker stole may have included name, address, telephone number, e-mail address, date of birth and/or death, social security number, member number, and Medicare and/or Medicaid number. Their discovery was confirmed when the attacker, a foreign ransomware gang, contacted GHC-SCW claiming responsibility for the attack and stealing their data.
GHC-SCW has no indication that information has been used or further disclosed. To reduce the risk of this happening again, they have implemented enhanced security measures across all their systems and networks. This includes strengthening existing controls, data backup, user training and awareness and other measures.
Contaminants Under Foot: A Closer Look at Patient Room Floors
Power Outages Largely Driven by Extreme Weather Events
Nemours Children's Health Opens New Moseley Foundation Institute Hospital
Code Compliance Isn't Enough for Healthcare Resilience
Ribbon Cutting Marks First Phase Completion for New Montefiore Einstein Facility