Threat Actor: BlackSuit gang
Victim: Group Health Cooperative
Price: N/A
Exfiltrated Data Type: Protected health information (PHI), member/patient name, address, telephone number, e-mail address, date of birth and/or death, social security number, member number, and Medicare and/or Medicaid number.
Additional Information:
- The data breach occurred on January 24, 2024.
- 533,809 individuals were affected by the breach.
- The breach was discovered on January 25, 2024.
- The attacker attempted to encrypt GHC-SCW’s system but was unsuccessful.
- The attacker copied some of GHC-SCW’s data, including PHI.
- A ransomware group, BlackSuit gang, claimed responsibility for the attack and stealing the data.
- The potentially compromised PHI may have included various personal information.
- The ransomware group claimed to have stolen patient and member data, financial documents, employee data, NDAs, contracts, several databases, and emails.
- The company has no indication that the stolen information has been used or further disclosed.
- Group Health Cooperative has implemented enhanced security measures across all systems and networks.
The Group Health Cooperative of South Central Wisconsin (GHC-SCW) is a non-profit organization that provides health insurance and medical care services to its members in the Madison metropolitan area of Wisconsin.
The organization disclosed a data breach after a ransomware attack; the incident impacted 533,809 individuals.
The data breach occurred on January 24, 2024, and was discovered on January 25 when GHC-SCW identified unauthorized access to its network. The Information Technology (IT) Department isolated and secured the organization’s network in response to the incident.
The Group Health Cooperative of South Central Wisconsin (GHC-SCW) notified the FBI and is responding to the incident with the help of external cybersecurity experts.
“The attacker attempted to encrypt GHC-SCW’s system but was unsuccessful,” reads the data breach notification shared with the Maine Attorney General. “On February 9, 2024, during our investigation, we discovered indications that the attacker had copied some of GHC-SCW’s data, which included protected health information (PHI).”
The potentially compromised PHI may have included member/patient name, address, telephone number, e-mail address, date of birth and/or death, social security number, member number, and Medicare and/or Medicaid number.
A ransomware group contacted the organization claiming the theft of data.
“Our discovery was confirmed when the attacker, a foreign ransomware gang, contacted GHC-SCW claiming responsibility for the attack and stealing our data,” continues the notification letter.
The data breach notification doesn’t name the ransomware group that hit the organization; however, the BlackSuit gang added Group Health Cooperative to its Tor leak site in March. The ransomware group claimed to have stolen patient and member data, financial documents, employee data, NDAs, contracts, several databases, and emails.
The company pointed out that they have no indication that information has been used or further disclosed.
Group Health Cooperative also added that they have implemented enhanced security measures across all their systems and networks.
Original Source: https://securityaffairs.com/161693/data-breach/group-health-cooperative-data-breach.html