Ransomware Attack on Rise Wisconsin Potentially Impacted 3,700 Plan Members

Rise Wisconsin is notifying over 3,700 plan members of an incident that has potentially resulted in an unauthorized individual accessing some of their protected health information (PHI). Ransomware was installed on the network of Rise Wisconsin on or around April 8, 2018. The malicious software was detected quickly, but not soon enough to stop data being encrypted.

Rise Wisconsin (Formerly Community Partnerships Inc., and Center for Families) hired a third party computer forensics specialist to help with the investigation of the ransomware attack and the restoration process. Although the investigation didn’t uncover proof that PHI was viewed or stolen by the attackers, it wasn’t possible to totally rule out data access and theft.

The information that could potentially have been accessed includes names, birth dates, addresses and Social Security numbers. Some patients had a limited amount of medical data compromised but financial information was not stored on the compromised devices. Rise Wisconsin hasn’t revealed the ransom amount demanded by the attackers asked in exchange for the security keys to recover the encrypted data, nor or the ransom demand was paid.

Rise Wisconsin takes the security of patient information seriously and had implemented a several security measures to block the accessing of PHI by unauthorized persons. But in this instance, the controls employed were insufficient to prevent the attack. Steps have now been taken to improve security and stop similar ransomware attacks in the future. Those measures include further restricting network access and providing staff with additional security training.

Rise Wisconsin reported the incident to appropriate authorities and the matter is being investigated by law enforcement. The breach incident reported to the Department of Health and Human Services’ Office for Civil Rights indicates 3,731 plan members were impacted by the ransomware attack.