Tuesday, March 19, 2019

Wolverine Solutions Group Notifies 600,000 Patients of Data Breach

The breaches just keep on occurring and I keep reporting them in an attempt to help you readers understand how important data security is and how vigilant we all need to be.  If the professionals in this space are getting hacked, it’s that much easier for the bad guys when they turn their attention on us.
This latest event comes from the state of Michigan where a company named Wolverine Solutions Group has announced a breach that affected over 600,000 patients.  The company "performs services for health-related business clients”.  Among those clients is Blue Cross Blue Shield of Michigan, Helath Alliance Plan, Three Rivers Health, North Ottawa Community Health System, Mary Free Bed Rehabilitation Hospital, Covenant Hospital, Sparrow Hospital, and McLaren Health Care.  
In September, WSG was hit by a Ransomware attack which caused hard drives containing patient data to become encrypted and therefore inaccessible.  The company began to decrypt the files beginning on October 3rd and managed to get all files restored by October 25th.
The company began notifying patients and updated their announcement on February 27th, 2019.


Wolverine Services Group (“WSG”) performs services for health-related business clients, including various health plans and hospital systems (“Healthcare Clients”). We are posting this statement on our website as a precautionary measure and as part of our commitment to patient privacy. WSG takes patients’ privacy seriously, and it is important to us that you and the community that we serve are made fully aware of a recent security incident at WSG, which potentially involves personal information of health plan members and hospital patients.


On approximately September 25, 2018, WSG discovered that an unauthorized party gained access to its computer system and infected the system with malware. The malware encrypted many of WSG’s records, which made them inaccessible, in an effort to extort money from us. This is commonly referred to as “ransomware.”

Shortly after WSG learned of the incident, we began an internal investigation and hired outside forensic security experts to help us. A team of forensic experts arrived on October 3, 2018 to begin the decryption and restoration process. All impacted files needed to be carefully “cleaned” of any virus remnants prior to their review by forensic investigators. Most critical programs requiring decryption were restored by October 25, 2018, and WSG’s critical operations were running by November 5, 2018. However, the forensic team continued its decryption efforts on the impacted files to determine the type of information that was affected, the identities of our Healthcare Clients, and the specific individuals involved. Beginning in November and continuing in December, January, and early February, WSG discovered and was able to identify those Healthcare Clients whose information was impacted by the incident. The timing of our notices to impacted individuals has been based on these “rolling” discovery dates.  The first notices were mailed on December 28, 2018. Additional notices have been mailed in February and further notices will be mailed in March.  


As a result of our investigation, WSG believes that the records were simply encrypted. There is currently no indication that the information itself was extracted from WSG’s servers. Nevertheless, given the nature of the affected files, some of which contained individual patient information (names, addresses, dates of birth, social security numbers, insurance contract information and numbers, phone numbers, and medical information, including some highly sensitive medical information), out of an abundance of caution, we mailed letters to all impacted individuals recommending that they take immediate steps to protect themselves from any potential misuse of their information.




WSG is taking steps to guard against identity theft or fraud. We arranged for affected individuals to have AllClear ID protect their identity. The following identity protection services start on the date of the individual receiving a notice letter and can be used at any time during the next 12 months.


AllClear Identity Repair: This service is automatically available to you with no enrollment required. If a problem arises, simply call 855-861-4034and a dedicated investigator will help recover financial losses and restore your credit.


AllClear Fraud Alerts with Credit Monitoring: This service offers the ability to set, renew, and remove 90-day fraud alerts on your credit file to help protect you from credit fraud. In addition, it provides credit monitoring services, a once annual credit score and credit report, and a $1 million identity theft insurance policy. To enroll in this service, you will need to provide your personal information to AllClear ID. You may sign up online at enroll.allclearid.com or by phone by calling 855-861-4034. You will need to contact AllClear to obtain a Redemption Code to enroll in this services.


We also want to note that following your enrollment, additional steps are required by you in order to activate your AllClear phone alerts and fraud alerts, and to pull your credit score and credit file. Additional steps may also be required in order to activate your monitoring options.


We recommend you remain vigilant and consider taking one or more of the following steps to protect your protected health information or personal information:


Contact the nationwide credit-reporting agencies as soon as possible to add a fraud alert statement to your credit file at all three national credit-reporting agencies;
Remove your name from mailing lists of pre-approved offers of credit for approximately six months;
Receive a free copy of your credit report by going to www.annualcreditreport.com;
Pay close attention to all bills and credit-card charges you receive for items you did not contract for or purchase;
Review all of your bank account statements frequently for checks, purchases, or deductions not made by you;
If you suspect or know that you are the victim of identity theft, you should contact local police and you also can report this to the Fraud Department of the FTC.
We also recommend that you regularly review statements from your accounts (i.e., account statements and Explanations of Benefits (“EOB”)) and periodically obtain your credit report from one or more of the national credit reporting companies. You may obtain a free copy of your credit report online at www.annualcreditreport.com, by calling toll-free 1-877-322-8228, or by mailing an Annual Credit Report Request Form (available at www.annualcreditreport.com) to: Annual Credit Report Request Service, P.O. Box 105281, Atlanta, GA, 30348-5281. You may also purchase additional copies of your credit report by contacting one or more of the three nationwide consumer reporting agencies listed below.


Equifax:           P.O. Box 740241, Atlanta, Georgia 30374-0241, 1-800-685-1111, www.equifax.com


Experian:         P.O. Box 9532, Allen, TX 75013, 1-888-397-3742, www.experian.com 


TransUnion:    P.O. Box 1000, Chester, PA 19022, 1-800-888-4213 www.transunion.com


When you receive your credit reports, account statements and EOBs, review them carefully.  Look for accounts or creditor inquiries, transactions or services that you did not initiate or do not recognize.  Look for information, such as home address and Social Security Number, which is not accurate.  If you see anything you do not understand, call the consumer reporting agency at the telephone number on the report, the company issuing the account statement, your provider rendering services or the insurance company issuing your EOB. Additional information regarding Identity Theft Protection is available here.  We have also posted a list of Frequently Asked Questions, which is available here.


We take the protection of your personal information seriously and took steps to prevent a similar occurrence. We migrated to a different computer system that has added protections and trained our workforce in safeguards.


If you have further questions about identify protection services, please contact enroll.allclearid.com or by phone by calling 855-861-4034.  We sincerely apologize to you and all our Healthcare clients for concern caused by this incident.



Wolverine Solutions Group

1 comment: