Group Health Cooperative of South Central Wisconsin Ransomware Attack Affects 533K Patients
Group Health Cooperative of South Central Wisconsin (GHC-SCW) has notified 533,809 patients about a January cyberattack. In the early hours of January 25, 2024, an unauthorized third party accessed its network and attempted to use ransomware to encrypt files. GHC-SCW said the file encryption was not successful; however, while containing the attack and securing its systems, some of its systems were temporarily made unavailable. Third-party cybersecurity experts were engaged to investigate the incident and on February 9, 2024, evidence was uncovered that indicated the attacker had copied certain files from the network before attempting encryption. The attacker also made contact with GHC-SCW and claimed responsibility for the attack and confirmed that data had been exfiltrated from its network. The attacker, a foreign ransomware group, demanded payment to delete the stolen data. GHJC-SCW did not state whether the ransom was paid.
The review of the affected files confirmed that they contained the following types of patient information: Member/patient name, address, telephone number, e-mail address, date of birth and/or date of death, Social Security number, member number, and Medicare and/or Medicaid number. The types of data involved varied from individual to individual. At the time of issuing notification letters, no evidence had been uncovered suggesting any stolen data had been misused or further disclosed.
GHC-SCW said it notified the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) about the attack and has been working with those agencies to mitigate any harm that may result from the incident. GHC-SCW said cybersecurity measures have been enhanced across all systems and networks to reduce the risk of similar incidents in the future, including strengthening existing privacy and security controls, data backup processes, user training and awareness, and other measures. Affected patients have been offered a one-year membership to a credit monitoring service at no cost.