In the early morning hours of January 25, 2024, Group Health Cooperative of South Central Wisconsin (GHC-SCW) identified unauthorized access to their network. Their Information Technology (IT) Department purposefully isolated and secured their network, causing several of their systems to be temporarily unavailable. The attacker attempted to encrypt GHC-SCW’s system but was unsuccessful.
As part of their response effort, they reported the incident to the Federal Bureau of Investigation (FBI) and hired outside cyber incident response resources to assist them in restoring and verifying the security of their network and systems, and to investigate the attack. These resources successfully allowed GHC-SCW to bring their systems back online methodically and safely.
On February 9, 2024, during their investigation, they discovered indications that the attacker had copied some of GHC-SCW’s data, which included protected health information (PHI). The PHI that the attacker stole may have included name, address, telephone number, e-mail address, date of birth and/or death, social security number, member number, and Medicare and/or Medicaid number. Their discovery was confirmed when the attacker, a foreign ransomware gang, contacted GHC-SCW claiming responsibility for the attack and stealing their data.
GHC-SCW has no indication that information has been used or further disclosed. To reduce the risk of this happening again, they have implemented enhanced security measures across all their systems and networks. This includes strengthening existing controls, data backup, user training and awareness and other measures.
Cleanliness in Hospitals: Clinical Priority and Community Perception
Dana-Farber Receives $50M Gift for Planned Cancer Hospital
Clarinda Regional Health Center Reports Data Security Incident
Gaps in Nurses' Environmental Cleaning Knowledge Grow Amid Rising EVS Pressures
Ground Broken on the Southern Nevada Forensic Facility