Cyber Incident Victim: Southcentral Foundation
Date: Oct 2016
Location: United States of America
Summary
Southcentral Foundation experienced a cybersecurity incident in which unauthorized access to two employee email accounts compromised protected health information of nearly 15,000 individuals. The breach exposed sensitive data including names, Social Security numbers, medical records, treatment details, family member information, and tribal identification documents. Following detection, the organization disabled the affected accounts and engaged external consultants for investigation. Impacted individuals were offered complimentary credit monitoring and identity theft protection services to mitigate potential risks arising from the exposure of their personal and health-related information.
Description
Southcentral Foundation (SCF), an Alaska-based healthcare organization, detected unauthorized access to two employee email accounts containing protected health information in October 2016. The organization first identified a potential security incident on October 18, prompting an investigation with external consultants. Forensic analysis revealed that one email account had been compromised from October 17-18, while the second account was accessible to unauthorized parties from October 14-18. Both accounts were immediately disabled upon confirmation of the breach. The incident exposed sensitive data belonging to 14,719 patients and stakeholders, referred to as "customer-owners" in SCF's notification.

The compromised email accounts contained extensive protected health information including full names, medical record numbers, dates of birth, addresses, and Social Security numbers. Additional exposed data encompassed Medicaid ID numbers, tribal identification documents, birth certificates, photographs, medical histories, provider names, treatment details, diagnosis information, dates of service, and family member relationships with contact information. SCF confirmed the breach resulted from external hacking of employee email credentials rather than a systemic network intrusion. The organization began notifying affected individuals in December 2016 and offered complimentary credit monitoring and identity theft protection services through AllClear ID. No evidence suggested actual misuse of the exposed data at the time of notification, though the breadth of compromised information created significant privacy risks for impacted individuals.
