Wisconsin Cybersecurity Incidents: Notable Breaches & Ransomware Attacks

Wisconsin's economy blends legacy manufacturing strength with a growing healthcare sector and an increasingly technology-dependent agriculture industry, creating a cyber risk profile that is both broad and underestimated. The state is home to Rockwell Automation, GE Healthcare, Harley-Davidson, and SC Johnson, alongside one of the nation's largest dairy and agricultural technology sectors. These industries collectively process enormous volumes of proprietary manufacturing data, patient health records, and agricultural systems data that attackers find valuable.

Many Wisconsin organizations — particularly manufacturers and agricultural businesses — have historically underinvested in cybersecurity, viewing it as primarily a concern for technology companies or financial institutions. The incidents documented below demonstrate that this assumption is dangerously outdated. Ransomware gangs, cybercriminals, and even nation-state actors are actively targeting Wisconsin businesses. For a broader analysis of the risks facing the state, see our overview of the Wisconsin cyber threat landscape.

Major Cyber Incidents in Wisconsin: A Timeline

2015 — Anthem Breach (Wisconsin Blue Cross Blue Shield Members)

In 2015, health insurer Anthem disclosed a massive breach affecting approximately 78.8 million individuals nationwide, including members of the Anthem Blue Cross and Blue Shield plan in Wisconsin. The attack, attributed to a Chinese state-sponsored group, compromised names, Social Security numbers, dates of birth, addresses, and employment information. Wisconsin members were among those affected, and the incident prompted class action litigation that ultimately resulted in a $115 million settlement — one of the largest healthcare breach settlements in U.S. history.

2019 — Winnebago County Government Ransomware Attack

In early 2019, Winnebago County experienced a ransomware attack that disrupted county government operations, affecting administrative systems and public-facing services. The attack forced the county to take systems offline and work with cybersecurity investigators to restore operations. While the county did not publicly disclose the ransom demand or whether it was paid, the incident disrupted services for residents and highlighted the vulnerability of local government IT infrastructure in Wisconsin.

2020 — University of Wisconsin Health Phishing Breach

UW Health, the integrated health system affiliated with the University of Wisconsin, disclosed a phishing-related data breach in 2020 after employees fell victim to targeted phishing emails. The compromised accounts contained patient information including names, dates of birth, medical record numbers, and clinical information. UW Health notified affected patients and implemented additional email security controls. The incident was one of several healthcare-related breaches affecting Wisconsin organizations during the pandemic period when rapid IT changes expanded the attack surface.

2021 — Advocate Aurora Health Pixel Tracking Disclosure

Advocate Aurora Health, which operates hospitals and clinics across Wisconsin and Illinois, disclosed in 2022 that the use of Meta Pixel and Google tracking code on its patient portal and scheduling websites had inadvertently transmitted protected health information to third parties. The disclosure affected approximately 3 million patients, including those who used Advocate Aurora's MyChart portal. While not a traditional hack, the incident demonstrated how commonly used web analytics tools can create unintended HIPAA violations and data exposures in healthcare settings.

2022 — Racine Unified School District Ransomware

Racine Unified School District, one of the largest school districts in Wisconsin, suffered a ransomware attack in 2022 that disrupted IT systems and forced the district to cancel some technology-dependent operations. The attack affected administrative systems, and the district engaged cybersecurity specialists and law enforcement to investigate and recover. The incident reflected a broader national trend of ransomware groups targeting K-12 school systems, which typically operate with limited cybersecurity budgets.

2023 — Ascension Wisconsin Cyber Incident

Ascension, one of the largest nonprofit health systems in the United States, experienced a significant cybersecurity incident in 2023-2024 that affected operations across multiple states including Wisconsin. The attack disrupted clinical systems at Ascension Wisconsin facilities, forcing some hospitals to divert ambulances and switch to manual documentation processes. The incident affected access to electronic health records and other clinical applications, impacting patient care across Ascension's Wisconsin hospitals in Milwaukee, Racine, and other locations.

2024 — Wisconsin Manufacturing Firm Supply Chain Attack

In 2024, several Wisconsin manufacturing firms reported being affected by supply chain compromises that exploited vulnerabilities in industrial software used for production management and quality control. While specific company names were not publicly disclosed, the attacks targeted mid-sized manufacturers in the Fox Valley and Milwaukee regions, encrypting production systems and stealing proprietary manufacturing data. The incidents prompted the Wisconsin Manufacturing Extension Partnership to issue advisories about the risks facing manufacturing IT environments.

Wisconsin's Data Breach Notification Law

Wisconsin's data breach notification requirements are codified in Wisconsin Statute Section 134.98. The law requires any entity that maintains personal information of Wisconsin residents to notify affected individuals if their personal information was acquired by an unauthorized person. The notification must be made within a reasonable time, not to exceed 45 days from the date the entity learns of the breach. The statute was updated in 2021 to add the 45-day deadline, replacing the previous "reasonable time" standard.

Personal information under the statute includes a name combined with a Social Security number, driver's license number, financial account number with access credentials, DNA profile, or unique biometric data. If the breach affects more than 1,000 Wisconsin residents, the entity must also notify consumer reporting agencies. The Wisconsin Department of Agriculture, Trade and Consumer Protection (DATCP) has enforcement authority. For a full analysis of Wisconsin's compliance requirements, see our Wisconsin cybersecurity compliance guide.

Which Wisconsin Industries Are Most Targeted?

Manufacturing

Wisconsin is one of the top manufacturing states in the country, with over 9,000 manufacturing companies employing approximately 470,000 workers. The state produces everything from industrial automation equipment (Rockwell Automation) to motorcycles (Harley-Davidson) to paper products (Kimberly-Clark). Manufacturers face ransomware threats that can halt production lines, intellectual property theft targeting proprietary processes, and increasingly sophisticated attacks that cross from IT to OT environments. Organizations handling sensitive production data should evaluate managed IT solutions for manufacturing.

Healthcare

GE Healthcare's headquarters in Milwaukee, combined with major health systems like Advocate Aurora Health, Ascension Wisconsin, Froedtert Health, and UW Health, make healthcare one of the state's most valuable and most targeted sectors. Patient data is highly valuable on dark web markets, and Wisconsin's healthcare institutions have experienced multiple significant breaches. The healthcare IT security landscape demands continuous investment in defensive capabilities.

Agriculture and Food Processing

Wisconsin is the nation's leading cheese producer and a top state for dairy production overall, with agriculture and food processing representing a critical economic sector. Modern dairy operations increasingly rely on connected IoT devices for herd management, automated milking systems, and supply chain tracking. Food processing facilities use industrial control systems that present the same IT/OT convergence risks as traditional manufacturing. While agriculture has not been a high-profile target historically, the sector's rapid digitization is creating new vulnerabilities.

What Wisconsin Businesses Must Do After a Breach

Wisconsin businesses that experience a data breach must investigate promptly and notify affected individuals within 45 days of learning about the breach. If more than 1,000 Wisconsin residents are affected, consumer reporting agencies must also be notified. There is no explicit requirement to notify a state agency, though the DATCP has enforcement authority over the statute.

Beyond legal requirements, businesses should contain the breach by isolating affected systems, engage incident response specialists to determine the scope and cause, preserve forensic evidence for potential law enforcement involvement, and begin remediation. Understanding what managed IT services include can help organizations establish incident response readiness before a breach occurs.

How to Protect Your Wisconsin Business Before an Incident

Wisconsin's manufacturing-heavy economy presents unique cybersecurity challenges that require attention to both IT and OT environments. The following measures are essential for Wisconsin businesses:

• Segment IT and OT networks: Manufacturers must ensure that compromising an office workstation does not provide direct access to production control systems. Network segmentation is the single most important control for preventing ransomware from reaching operational technology.

• Implement multi-factor authentication: MFA should be required for all remote access, email, cloud applications, and privileged accounts. The phishing attacks that have breached Wisconsin healthcare organizations would have been significantly harder to execute with MFA in place.

• Deploy endpoint detection and response: Traditional antivirus is not adequate for the threats facing Wisconsin businesses. EDR provides continuous monitoring and the ability to detect and respond to threats that evade signature-based detection.

• Maintain offline, encrypted backups: Ransomware attacks against Wisconsin schools, manufacturers, and governments demonstrate that robust backups are the difference between a manageable incident and a catastrophic one.

• Address web tracking and pixel compliance: The Advocate Aurora Health disclosure showed that healthcare organizations must audit all tracking technologies on patient-facing websites and portals to avoid inadvertent HIPAA violations.

Frequently Asked Questions

How many data breaches are reported in Wisconsin each year?

Wisconsin does not publish aggregate annual breach statistics through a centralized portal. However, the Wisconsin Department of Agriculture, Trade and Consumer Protection receives breach reports and handles consumer complaints. Based on national trends, hundreds of Wisconsin organizations experience reportable data breaches annually, with healthcare, education, and government being the most frequently affected sectors.

Is Wisconsin a high-risk state for cyberattacks?

Wisconsin faces moderate-to-high cyber risk driven primarily by its large manufacturing sector, significant healthcare industry, and growing agricultural technology adoption. While the state does not face the same level of nation-state targeting as defense-heavy states, its manufacturers are increasingly targeted by ransomware groups, and its healthcare institutions face the same elevated threat level as healthcare organizations nationwide.

What is the notification deadline for data breaches in Wisconsin?

Wisconsin Statute Section 134.98 requires notification to affected individuals within 45 days of the entity learning about the breach. If more than 1,000 Wisconsin residents are affected, consumer reporting agencies must also be notified.

Does Wisconsin have a comprehensive consumer privacy law?

No. As of 2025, Wisconsin does not have a comprehensive consumer data privacy law comparable to those enacted in California, Virginia, Colorado, or Connecticut. The state's primary data protection statute is the breach notification law under Section 134.98. Privacy legislation has been introduced but has not yet passed.

Are Wisconsin manufacturers required to meet specific cybersecurity standards?

There is no general state mandate for manufacturing cybersecurity standards. However, manufacturers that are part of the defense industrial base must comply with CMMC 2.0 requirements. Automotive industry suppliers may need to meet TISAX standards. And manufacturers increasingly face cybersecurity requirements from their customers and insurance providers as a condition of doing business.

What role does agriculture play in Wisconsin's cyber risk?

Wisconsin's agriculture sector — particularly dairy operations and food processing — is undergoing rapid digitization, with connected IoT sensors, automated systems, and precision agriculture technology expanding the attack surface. While agriculture has not been a primary target historically, the increasing connectivity of these systems creates vulnerabilities that could disrupt food supply chains if exploited.