Cyber Incident Victim: RISE Wisconsin
Date:
Apr 2018
Location:
United States of America
Summary
A ransomware attack targeted RISE Wisconsin, prompting immediate system shutdowns and forensic investigation. While no evidence confirmed unauthorized data access, potential compromise could not be entirely ruled out for personal information including names, addresses, birth dates, Social Security numbers, and limited health details. The organization notified law enforcement and affected individuals, established a dedicated call center, and offered complimentary identity protection services. Security enhancements such as network access restrictions and staff training were implemented to prevent future incidents.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 8, 2018, RISE Wisconsin (formerly Community Partnerships and Center for Families) discovered it had been targeted by a ransomware attack. The organization immediately took its systems offline to contain the incident and engaged independent computer forensics experts to investigate the breach. The forensic investigation aimed to determine the attack's origin and whether unauthorized access to protected health information had occurred. While the investigation found no evidence that personal information was actually accessed or exfiltrated by the attacker, RISE Wisconsin could not definitively rule out potential compromise of sensitive data. The potentially exposed information included individuals' names, addresses, dates of birth, Social Security Numbers, and limited health information for some participants. RISE Wisconsin notified law enforcement authorities about the incident and cooperated with their investigation. The organization acknowledged the incident involved "limited protected health information" of plan participants but emphasized no evidence of attempted or actual misuse of information had been detected.
RISE Wisconsin began notifying potentially impacted individuals through mailed letters approximately two months after discovery, on or around June 7, 2018. The notification letters outlined steps participants could take to monitor and protect their personal information. The organization established a dedicated toll-free call center operational Monday through Friday from 8:00 AM to 5:00 PM Central Time to address participant concerns. As a precautionary measure, RISE Wisconsin offered complimentary identity protection services through Kroll to all potentially affected individuals. Internally, the organization implemented enhanced security measures including restricted network access and expanded staff training programs focused on information security practices. RISE Wisconsin described the privacy and protection of participant information as a top priority and expressed regret for any inconvenience or concern caused by the incident.