Southwest Health Center in Platteville, Wisconsin is a non-profit community health provider. Yesterday they issued a notice about a data security incident they first discovered on January 11 that reportedly impacted certain systems.

An investigation determined that an unauthorized party accessed or acquired the personal and protected health information of some current and former employees, their dependents, and individuals who sought medical treatment or services at Southwest Health.

The types of information that may have been accessed or acquired included provider names, dates of birth, Social Security numbers, driver’s license or state identification card numbers, financial account numbers, medical information, and/or health insurance information.

The notice does not indicate when the attack actually began, only that it was discovered on January 11, and this incident has not yet shown up on HHS’s public breach tool, so we do not yet have the total number affected.

Steps those affected can take are provided in the full notice on Southwest Health Center’s website, including instructions on how to sign up for complimentary services Southwest Health Center is offering those being notified.

DataBreaches sent an inquiry to Southwest Health Center asking if this was a ransomware incident or if there was any ransom demand as the notification does not really explain what kind of incident this was other than some kind external attack. No reply was immediately available, so this post will be updated when more information becomes available.