Hundreds healthcare facilities and more than one million patients had their information compromised when their shared third-party vendor Wolverine Solutions Group (WSG) suffered a ransomware attack in September 2018.
WSG, which handles billing and mailing services for the healthcare organizations, said its files were encrypted on Sept. 25, 2018 by a ransomware attack. The decryption and restoration process started on Oct. 3 with critical operations being restored by November 5. A local newspaper for one of the affected facilities, The Three Rivers News, noted that 700 companies and 1.2 million people were affected.
“Beginning in November and continuing in December, January, and early February, WSG discovered and was able to identify those Healthcare Clients whose information was impacted by the incident,” WSG said, adding it has notified its clients of the issue as each was discovered to have been covered by the attack.
The information involved was patient information (names, addresses, dates of birth, social security numbers, insurance contract information and numbers, phone numbers, and medical information, including some highly sensitive medical information. WSG believes the information was only encrypted and not accessed.
The company has not stated how many of its clients were affected, but Mary Free Bed Rehabilitation Hospital, the Health Alliance Plan, North Ottawa Community Health System and Three Rivers Health are among the healthcare facilities that have recently come forward stating they are involved.