By HFT Staff

In the early morning hours of January 25, 2024, Group Health Cooperative of South Central Wisconsin (GHC-SCW) identified unauthorized access to their network. Their Information Technology (IT) Department purposefully isolated and secured their network, causing several of their systems to be temporarily unavailable. The attacker attempted to encrypt GHC-SCW’s system but was unsuccessful.  

As part of their response effort, they reported the incident to the Federal Bureau of Investigation (FBI) and hired outside cyber incident response resources to assist them in restoring and verifying the security of their network and systems, and to investigate the attack. These resources successfully allowed GHC-SCW to bring their systems back online methodically and safely. 

On February 9, 2024, during their investigation, they discovered indications that the attacker had copied some of GHC-SCW’s data, which included protected health information (PHI). The PHI that the attacker stole may have included name, address, telephone number, e-mail address, date of birth and/or death, social security number, member number, and Medicare and/or Medicaid number. Their discovery was confirmed when the attacker, a foreign ransomware gang, contacted GHC-SCW claiming responsibility for the attack and stealing their data. 

GHC-SCW has no indication that information has been used or further disclosed. To reduce the risk of this happening again, they have implemented enhanced security measures across all their systems and networks. This includes strengthening existing controls, data backup, user training and awareness and other measures.