Cyber Incident Victim: Southwest Health Center

Southwest Health Center, a healthcare provider based in Platteville, Wisconsin, discovered a potential data security incident on January 11, 2022, impacting certain systems within its network. Upon identifying the incident, the organization immediately implemented measures to secure its network infrastructure and engaged external cybersecurity experts to conduct a forensic investigation. The investigation determined that unauthorized actors may have accessed or acquired sensitive personal and protected health information during the incident. Southwest Health subsequently initiated a comprehensive review of the potentially compromised data to identify affected individuals and the specific types of information involved. The forensic analysis confirmed the incident affected current and former employees, their dependents or beneficiaries, and individuals who had received medical treatment or services at the facility.

The compromised information included names, dates of birth, Social Security numbers, driver's license or state identification card numbers, financial account numbers, medical records, and health insurance details. On July 5, 2022—nearly six months after detection—Southwest Health began notifying potentially impacted individuals via mailed letters detailing the incident and protective measures available to them. The organization offered complimentary credit monitoring and identity theft restoration services to affected parties. Southwest Health established a dedicated toll-free call center operational Monday through Friday from 8:00 AM to 8:00 PM Central Time to address inquiries, with additional resources provided through a dedicated response website. While no actual misuse of the compromised information had been identified at the time of notification, the organization emphasized the privacy and protection of personal data as its top priority in public statements regarding the breach.