Skip Navigation
Select Language
GHC-SCW will be implementing holiday hours in observance of Memorial Day.
Click Here for Holiday Hours
Close

Notice of Data Privacy Event

Scroll to learn more
Notice of Data Privacy Event
Scroll to learn more

Group Health Cooperative of South Central Wisconsin (GHC-SCW) takes the privacy and security of the information in our possession seriously. Unfortunately, this notice is to inform individuals of a recent security incident that impacted their personal information.

 

In the early morning hours of January 25th, 2024, GHC-SCW identified unauthorized access to our network. Our Information Technology (IT) Department purposefully isolated and secured our network, causing several of our systems to be temporarily unavailable. The attacker attempted to encrypt GHC-SCW’s system but was unsuccessful. As part of our response effort, we reported the incident to the Federal Bureau of Investigation (FBI) and hired outside cyber incident response resources to assist us in restoring and verifying the security of our network and systems, and to investigate the attack. These resources successfully allowed GHC-SCW to bring our systems back online methodically and safely.

 

On February 9, 2024, during our investigation, we discovered indications that the attacker had copied some of GHC-SCW’s data, which included protected health information (PHI). The PHI that the attacker stole may have included name, address, telephone number, e-mail address, date of birth and/or death, social security number, member number, and Medicare and/or Medicaid number. Our discovery was confirmed when the attacker, a foreign ransomware gang, contacted GHC-SCW claiming responsibility for the attack and stealing our data.

 

We have no indication that information has been used or further disclosed. Please be assured that we have taken additional steps to help mitigate any harm that might result from this incident by working with the FBI and U.S. Cybersecurity and Infrastructure Security Agency (CISA), informing all affected individuals, all necessary state and federal agencies, and certain consumer reporting agencies. To reduce the risk of this happening again, we have implemented enhanced security measures across all our systems and networks. This includes strengthening existing controls, data backup, user training and awareness, and other measures.

 

Please review communications from GHC-SCW and other healthcare providers, including electronic messages, billing statements, and other communications. If you notice anything that you did not authorize or services you did not receive, contact GHC-SCW immediately. If you have general questions regarding this incident, please contact our Member Services department at (800) 605-4327. If you think you may have been impacted and did not receive a notification letter, or have questions about this incident, please contact privacy@ghcscw.com or call GHC-SCW’s Privacy Officer at (608) 662-4899 during normal business hours.

 

For additional guidance on steps to take to protect your personal information please visit ghcscw.com/cybersecurity/ or contact the Federal Trade Commission at www.ftc.gov or (877) 438-4338.

What Can I Do To Protect Myself?

To date, we are not aware of any reports of identity fraud or improper use of any information as a direct result of this event. It is still important to secure your personal information while we complete the full investigation and identify if any personal health information was impacted. Out of an abundance of caution, we are sharing tips and resources to help you protect your data privacy. The Federal Trade Commission www.ftc.gov and the Consumer Financial Protection Bureau https://www.consumerfinance.gov/ provide a variety of resources and suggestions to protect your identity and information. Some of those steps include:

  • Credit Freeze: Reach out to the three credit bureaus to freeze your credit. When you place a security freeze, creditors cannot access your credit report. This will keep them from approving any new credit account in your name, whether it is fraudulent or legitimate. Steps for doing that can be found here: www.usa.gov/credit-freeze.  We have also included additional information further down this page.
  • Change Passwords: Change your passwords associated with your important accounts such as e-mail, financial institutions and healthcare organizations.
  • Two-Factor Authentication: Enable two-factor authentication on all of your accounts. Two-factor authentication adds an extra layer of protection to make sure that even if someone has your password, they still can’t access your account unless they also have a second, unique key.
  • Be On Alert: Be extra diligent about suspicious e-mails and unsolicited communications.

At GHC-SCW, we take the obligation to keep your information secure seriously. We want to provide you with the knowledge and resources to protect your personal information.

In addition to the recommendations we have provided above, please check out the tips below to maintain your data privacy and more details on protecting your credit information.

10 Data Privacy Tips

Cybersecurity is a shared responsibility. We are committed to protecting your personal health information and data. We also want to provide you with the knowledge and resources to keep your other personal information safe. Here are some essential tips to help you maintain your data privacy and digital well-being:

  1. Strong Passwords: Use strong passwords and change them regularly. Consider using a password manager to keep track of different passwords securely.
  2. Two-Factor Authentication: Whenever possible, enable two- or multi-factor authentication. This adds an extra layer of security by requiring additional forms of verification beyond your password. We offer two-factor authentication with GHCMyChart. To opt in to this feature for your GHCMyChart account, log in to your account by heading to the page here.
  3. Regularly Update Your Software: Ensure your regularly update the software and firmware on your electronic devices. Manufacturers often release updates to patch security vulnerabilities.
  4. Beware of Phishing: Be cautious with emails or messages from unknown sources, especially those asking for personal information. When in doubt, don’t click on links or download attachments from a contact or source you don’t recognize.
  5. Use Secure Connections: Use secure networks, especially when handling sensitive information. Public Wi-Fi can be a hotspot for digital eavesdropping, so consider using a virtual private network (VPN) for better security.
  6. Stay Informed: Keep up to date on the latest in cybersecurity and information security threats. Awareness is your first line of defense against potential risks.
  7. Regularly Check Your Financial and Credit Accounts: At least once a month, go through your credit card and financial statements or accounts to ensure there aren’t any unexpected charges that you didn’t make. If you do notice any, immediately contact your financial and credit institution to take precautionary steps to let them know your card may have been compromised. They will help you take the necessary steps to protect your information and block further access to your accounts.
  8. Know When Your Payment Due Dates: If you don’t receive a bill you were expecting in the mail or via paperless billing, contact the company that you are expecting the bill from.
  9. Read Your Health Insurance Plan Statements: Make sure that the claims that were paid match the services and care you received. If you notice a claim that doesn’t match care you received from a recent appointment, contact your health care insurance provider to let them know.
  10. Shred Documents with Any Personal Information: To keep any personal information that could be used to steal your identity, ensure that sensitive documents are shredded.

Monitor Your Credit Accounts

In addition to the tips above, you should review your credit report annually to ensure that there isn’t any incorrect or inaccurate information or activities. You are entitled to one free credit report each year from each of the three major credit reporting bureaus:

  1. Equifax
  2. Experian
  3. TransUnion

To order your free credit report, visit www.annualcreditreport.com or call 1-877-322-8228. You may also directly contact these three major credit reporting bureaus to request a free copy of your credit report. Check out the table further down the page for more details.

If you see suspicious activity on your credit or financial accounts, there are steps you can take to protect your information. You can place a fraud alert or a credit freeze on your credit report even if you haven’t been impacted by identity theft. These steps can help safeguard your information and ensures extra steps are taken to verify you, or a source you have authorized, are accessing your credit information.

 

Fraud Alert

If you’re worried about identity theft, you can put a free fraud alert on your credit report. This alert lasts one year but can be extended for seven years if you’ve been a victim of identity theft. Businesses must check your identity before giving you new credit when they see this alert. Contact one of the three main credit bureaus listed further below to set up a fraud alert.

 

Credit Freeze

As an alternative to a fraud alert, you can put a credit freeze on your credit report. This stops companies from accessing your credit report without your permission. It also stops anyone from opening new lines of credit in your name without your knowledge. However, it’s important to know that putting a freeze on your credit report can delay or prevent your applications for loans, credit cards and other financial services. The good news is that federal law prohibits credit bureaus from charging you to freeze or unfreeze your credit. To request a credit freeze, you may need to provide the following information:

  1. Full name (including middle initial and suffixes, such as Jr., Sr., II, III, etc.)
  2. Social Security number
  3. Date of birth
  4. Addresses from the past two to five years
  5. Proof of current address, such as a current utility or telephone bill
  6. A legible photocopy of a government-issued identification card (state driver’s license or ID card, etc.) and
  7. A copy of either the police report, investigative report or complaint to a law enforcement agency if you are a victim of identity theft

 

Contact Information for a Fraud Alert or Credit Freeze

Should you wish to place a fraud alert or a credit freeze, please contact the three major credit reporting bureaus listed below:

Equifax Experian TransUnion
https://www.equifax.com/personal/credit-report-services/ https://www.experian.com/help/ https://www.transunion.com/credit-help
1-888-298-0045 1-888-397-3742 1-800-916-8800
Equifax Fraud Alert
P.O. Box 105069
Atlanta, GA 30348-5069
Experian Fraud Alert
P.O. Box 9554
Allen, TX 75013
TransUnion Fraud Alert
P.O. Box 2000
Chester, PA 19016
Equifax Credit Freeze
P.O. Box 105788
Atlanta, GA 30348-5788
Experian Credit Freeze
P.O. Box 9554
Allen, TX 75013
TransUnion Credit Freeze
P.O. Box 160
Woodlyn, PA 19094

 

 

Additional Information

You can find more information about identity theft, fraud alerts, credit freezes and the steps you can take to protect your personal information. Contact the consumer reporting bureaus ( Equifax, Experian and TransUnion), the Federal Trade Commission or your state Attorney General.

If you believe you are the victim of identity theft, you should contact the proper law enforcement authorities, including local law enforcement, and consider contacting your state attorney general and/or the Federal Trade Commission (“FTC”). You may obtain information from the FTC and the credit reporting agencies listed above about placing a fraud alert and/or credit freeze on your credit report. You may contact the FTC to obtain additional information about avoiding identity theft at the following:

Federal Trade Commission
600 Pennsylvania Ave NW
Washington, DC 20580
www.identitytheft.gov 1-877-ID-THEFT (1-877-438-4338)

TTY: 1-866-653-4261

The Federal Trade Commission also encourages those who discover that their information has been misused to file a complaint with them. You can obtain further information on how to file such a complaint by way of the contact information listed above. You have the right to file a police report if you ever experience identity theft or fraud. Please note that to file a report with law enforcement for identity theft, you will likely need to provide some proof that you have been a victim. Instances of known or suspected identity theft should also be reported to law enforcement and your state Attorney General.