
Group Health Cooperative of South-Central Wisconsin, a non-profit healthcare service provider, said it experienced a significant data security incident that compromised the sensitive personal information of over 530,000 individuals.
Group Health Cooperative of South-Central Wisconsin, or GHC-SCW, is a non-profit, member-owned health plan provider catering to thousands of people in the south-central Wisconsin area. GHC-SCW offers a variety of healthcare plans for large and small groups, individuals, families, and government employees.
In a recent notice of data security incident filed with the Office of the Maine Attorney General, GHC-SCW said that on January 25, it identified suspicious activities in its internal network and its IT team immediately took mitigating steps, including taking the affected systems offline, to reduce the impact of the cyber attack.
The health plan provider also launched an investigation with assistance from third-party cyber security experts to understand the nature and scope of the incident.
“The attacker attempted to encrypt GHC-SCW’s system but was unsuccessful. As part of our response effort, we reported the incident to the Federal Bureau of Investigation and hired outside cyber incident response resources to assist us in restoring and verifying the security of our network and systems, and to investigate the attack. These resources successfully allowed GHC-SCW to bring our systems back online methodically and safely,” it said.
On February 9, GHC-SCW’s investigation revealed that a threat actor accessed and stole sensitive personal and protected health information of its customers. The compromised data included member/patient names, addresses, telephone numbers, email addresses, dates of birth and death, Social Security numbers, member numbers, and Medicare and Medicaid numbers.
GHC-SCW said in a filing with the state regulator of Maine that at least 533,809 individuals were impacted by the data security incident.
“Please be assured that we have taken additional steps to help mitigate any harm that might result from this incident by working with the FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA), informing all affected individuals, all necessary state and federal agencies, and certain consumer reporting agencies.
“To reduce the risk of this happening again, we have implemented enhanced security measures across all our systems and networks. This includes strengthening existing controls, data backup, user training and awareness, and other measures,” the healthcare services provider added.
While GHC-SCW found no evidence of the compromised information being misused, it advised all affected individuals to regularly monitor their credit reports and their account and benefit statements, and to report any suspicious activity to law enforcement authorities, including the police and state attorney general.
The company has also offered one year of complimentary identity protection and credit monitoring services through TransUnion to all affected customers.
On March 10, the BlackSuit ransomware group claimed responsibility for the cyber attack on GHC-SCW and listed it as a victim on its data leak site. The group claimed to be in possession of stolen files that contain affected patients’ financial information, employees’ data, business contracts, and email correspondence.
BlackSuit #ransomware group has added 2 new victims to their #darkweb portal.
- H + G EDV Vertriebs 🇩🇪
- GHC-SCW 🇺🇸
#Germany #USA #blacksuit #databreach #cyberattack #cti #threatintel pic.twitter.com/NWOu7lSiiT
— FalconFeeds.io (@FalconFeedsio) March 10, 2024
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543