Cyber Incident Victim: South Country Health Alliance

On June 25, 2020, unauthorized access occurred to an employee email account at South Country Health Alliance (SCHA), a Minnesota-based healthcare organization. The breach remained undetected until September 14, 2020, when SCHA discovered the intrusion through unspecified means. Upon discovery, SCHA immediately secured the compromised email account, initiated an internal investigation, and engaged external cybersecurity experts to assist. The organization spent seven weeks reviewing the email account's contents before determining on November 5, 2020, that personal and protected health information of SCHA community members may have been exposed. This extended review period occurred despite the breach involving only a single email account, with no explanation provided for the time required to assess its contents. The delay between the June intrusion and September discovery represented a three-month gap where the breach remained undetected.

The compromised data included names, Social Security numbers, addresses, Medicare and Medicaid identification numbers, health insurance information, diagnostic or treatment details, dates of death, provider names, and treatment cost information. SCHA mailed notification letters to affected individuals on December 30, 2020 – six months after the initial breach and 60 days after confirming PHI involvement. The organization established a toll-free call center operating Monday through Friday to address member inquiries and facilitate enrollment in complimentary credit monitoring and identity protection services. While SCHA stated no evidence of information misuse had been identified, they acknowledged the incident potentially impacted members' personal data. The organization expressed regret for the incident and announced implementation of unspecified preventive measures to avoid future occurrences, characterizing information protection as a top priority throughout their response.