Cybersecurity vendor South Western Communications this week notified an undisclosed number of people about a December 2023 ransomware attack and data breach. The company’s website says SWC protects 5 million K-12 students, 78,000 hospital beds, and 250 government facilities.
The notice (PDF), dated July 26, 2024, reads:
On December 22, 2023, SWC experienced an encryption event that resulted in a network disruption. Upon discovering the incident, we swiftly took steps to secure our digital environment. We also engaged a digital forensics and incident response firm to conduct an investigation to determine whether any data may have been affected. The investigation revealed that certain data stored on the SWC network may have been accessed or acquired without authorization between December 21, 2023, and December 22, 2023. SWC then undertook a comprehensive review of the potentially affected data.”
SWC has not publicly disclosed how many people are affected or exactly what data was compromised, but its notice does mention “personal and/or protected health information.” SWC has not stated whether any student or medical information was compromised during the breach. SWC is offering victims free identity theft protection via CyberScout.
No ransomware gang has claimed responsibility for the attack as of time of writing. SWC has not disclosed whether a ransom was demanded or paid, but the notice’s reference to an “encryption event” implies this was a ransomware attack.
Comparitech contacted SWC for comment and will update this article if it responds.
About SWC
South Western Communications is a cybersecurity and communications vendor for K-12 schools, hospitals, government facilities, prisons, and private enterprises. Its solutions include on-site access control, security camera systems, classroom dismissal, audio-visual communications, and more.
Its website says it has secured 5 million K-12 students, 78,000 hospital beds, 250 government facilities, and more than 700 detention projects, which includes prisons and jails.
According to its website, SWC’s clients include Ascension, Emory Healthcare, Fisk University, Gwinnett County Public Schools, Indiana University Health, Dollar General, Daviess County Public Schools, Wellstar Health System, Piedmont, Metro Nashville Public Schools, DeKalb County School District, Christian Academy School System, and several local law enforcement agencies around the country.
Ransomware attacks on US schools and hospitals
Most ransomware attacks encrypt data on target computer systems. Those systems become unusable until a ransom is paid to decrypt them. Many ransomware attacks also steal data and send it to the attacker. That data can then be held for additional ransom, under threat of selling it or releasing it to the public.
Ransomware attacks on schools can disrupt operations in and out of the classroom, from grades and assignments to payroll and administration. Schools might be forced to cancel classes or revert to pen and paper until systems are restored.
Attacks on hospitals can cripple systems like appointment booking, billing, prescriptions, and access to electronic medical records.
In 2024, Comparitech researchers logged 26 ransomware attacks on US education institutions, affecting 24,054 records. In 2023, we recorded 113 such attacks on US schools and colleges. These attacks affected nearly 2.5 million records.
We recorded 43 confirmed ransomware attacks on healthcare organizations in the US so far this year, affecting 5,376,911 records. The average ransom in the healthcare sector is about $915,000.