(TNS) — A cyberattack reported in January by Group Health Cooperative, based in Madison in south-central Wisconsin, affected 533,809 people, and the HMO told federal regulators this week that it had no access to stolen data. said it may include social security numbers.
On Thursday, Madison attorney Sam Strauss filed two class-action lawsuits in Dane County Circuit Court against Group Health over data breaches.
One of the lawsuits, filed on behalf of Madison residents and Group Health patients Gabriela Jenich and Margaret Hetzler, alleges that Group Health did not use “reasonable protections to protect patient information.” The lawsuit accuses Group Health of negligence for failing to properly respond to the breach. It defines group health as clinics, pharmacies, and health care providers.
Another lawsuit filed on behalf of senior resident Daniel Pearson is similar, but defines group health as a member-owned health plan.
Group Health confirmed the unauthorized access to its network on January 25, according to a statement released by Group Health on Tuesday. The company's information technology department secured its network and several systems were temporarily unavailable.
The hacker tried to encrypt the company's systems but was unsuccessful. Group Health reported the incident to his FBI and hired outside partners to restore and verify network security and investigate the attack.
On February 9, the company discovered evidence that the attacker had copied some of its data, including protected health information. Stolen data may include names, social security numbers, addresses, phone numbers, email addresses, dates of birth or death, group health membership numbers, Medicare numbers, and Medicaid numbers.
“Our findings were confirmed when the attackers, a foreign ransomware group, contacted (Wisconsin South Central Health Cooperative), claimed responsibility for the attack, and stole our data.” said in a statement. “There is no indication that the information was used or further disclosed.”
Representatives for Group Health declined Thursday to comment on the lawsuit. Spokeswoman Kate McLaughlin said the HMO has about 80,000 members, including more than 500,000 current and former patients of its providers.
Group Health said it worked with the FBI and the U.S. Cybersecurity and Infrastructure Security Agency and took additional steps to mitigate the damage. Potentially affected individuals, state and federal agencies, and consumer reporting agencies have been notified.
“To reduce the risk of something like this happening again, we have strengthened security measures across all of our systems and networks,” the HMO said. “This includes existing controls, backing up data, increasing user training and awareness, and other measures.”
If you have any questions, please call Member Services at 800-605-4327. Anyone who may have been affected and did not receive a notification letter should contact privacy@ghcscw.com or call 608-662-4899.
© 2024 Wisconsin State Journal (Madison, WI). Distributed by Tribune Content Agency, LLC.
