Cyber Incident Victim: Southwest Healthcare Services

Date: Oct 2022

Location: United States of America

Summary

Southwest Healthcare Services experienced a cybersecurity incident in which an unauthorized party accessed its computer systems, compromising sensitive patient information including names, dates of birth, addresses, Social Security numbers, driver’s license numbers, health insurance details, and protected health information. The healthcare provider initiated an investigation with external cybersecurity experts upon detecting the breach, confirming unauthorized access to files containing confidential data. Affected individuals were notified of the exposure, which puts them at potential risk of identity theft and fraud given the nature of the compromised information.

Description

Southwest Healthcare Services, a non-profit healthcare provider based in Bowman, North Dakota, announced a data breach on March 31, 2023, through a filing with the Montana Attorney General and a notice on its website. The organization discovered that an unauthorized party had potentially accessed protected health information, prompting an internal investigation aided by external cybersecurity professionals. This investigation confirmed on January 31, 2023, that the intruder had accessed certain files on Southwest's computer network during a two-day period from October 28 to October 29, 2023. Subsequent analysis revealed that these files contained sensitive patient data, including names, dates of birth, addresses, Social Security numbers, driver’s license numbers, health insurance details, and protected health information. The compromised information varied by individual but included multiple critical identifiers that could facilitate identity theft or fraud. Southwest Healthcare Services completed its review of affected files and began sending notification letters to impacted patients on March 31, 2023, exactly two months after confirming the breach scope.

The breach affected patients of Southwest Healthcare Services Hospital and its affiliated entities, including Sunrise Village Assisted Living, Sunset Nursing Home, and Southwest Medical Clinic. Founded in 2001 through the consolidation of St. Luke’s Tri-State Hospital and Sunset Care Corporation, the organization employs over 138 staff and generates approximately $27 million in annual revenue. The company did not disclose the method of intrusion or how the breach was initially detected, but the incident exposed highly sensitive data of the kind typically targeted in healthcare breaches because of its value for financial crimes. Southwest’s public communications emphasized the involvement of cybersecurity experts during the investigation but did not specify containment measures or system modifications implemented post-breach. The gap between the October 2023 network access and the March 2023 patient notifications followed a four-month investigative period to determine impacted individuals and data types. No information was provided regarding the number of affected patients, law enforcement involvement, or specific technical vulnerabilities exploited in the attack.
