Data Breach Exposes Medical Information Of 600,000 Michiganders

March 12, 2019

Network security and privacy crime. Mixed media . Mixed media

The medical data and personal information of over 600,000 people in Michigan have been exposed. Michigan Attorney General Dana Nessel announced Monday, March 11, that a cyber attack on Wolverine Solutions Group has compromised the information of 600,000 customers of several Michigan health care companies.

These companies include Blue Cross Blue Shield of Michigan, Health Alliance Plan, and McLaren Health Care. Hackers may have accessed patients’ names, addresses, Social Security numbers, and medical information.

Wolverine Solutions Group, the target of the attack, is a health care company partnering with health plans and hospital systems across Michigan. Wolverine said they have begun notifying customers whose information was compromised.

The breach was first discovered in September 2018. Hackers breached Wolverine’s network and infected the system with malware. The hackers then seized control of the company’s records, encrypted them, and made them inaccessible in an attempt to extort the company. Since it is estimated that 15% of paper documents are misplaced, with 7.5% last completely, there has been an effort to digitize sensitive records. Unfortunately, that creates opportunities for hackers.

Some 1,734 trade secret cases were filed in 2017, and hospitals and government offices are frequent targets of ransomware. Many companies such as hospitals need to integrate their service management system with other software applications.

In February, Wolverine issued an updated public notice to its customers. The notice informed affected customers that they would receive identity protection services.

Identity theft can unfairly devastate a victim’s credit. FICO recommends that your credit utilization ratio ought to stay 30% or below your original credit limit. But fraudsters can easily max out credit cards and make it impossible for victims to take out loans.

Wolverine’s notice didn’t say how the hackers were able to access the company’s system or how long they went undetected. “[We] mitigated to a different computer system that has added protections and trained our workforce in safeguards,” Wolverine said in a statement.

The company says there’s no indication that the hackers extracted customer data from its servers. Wolverine still chose to mail out letters to their clients because the data that was hacked included sensitive medical information.

Michigan doesn’t require its companies to notify the attorney general’s office when data breaches take place. The state’s attorney general’s office learned of the breach from news reports, Nessel said.

Nessel has since asked Wolverine to provide her with more information and suggests that Michiganders take additional steps to safeguard their personal information. This includes placing a fraud alert on credit files, enrolling in free identity protection services, and freezing credit files.

The Wolverine data breach comes as Capitol Hill lawmakers are growing interested in data-security legislation. Advancements in legislation would require companies to better protect consumers’ data and to swiftly alert them when there’s been a major cyber attack.

Equifax and Marriott were the given examples at a recent congressional hearing on the suggestion for data-security legislation. The two companies were recently targeted in separate, but major, data breaches and were criticized by lawmakers for their cybersecurity practices.

On Thursday, March 7, Equifax CEO Mark Begor told senators that the company’s credit rating agency has made changes since its 2017 data breach. The infamous breach compromised the data of 143 million people.

“The fact that Equifax did not have an impenetrable information security program and suffered a breach does not mean that the company failed to take cybersecurity seriously,” Begore said.

The Senate’s report on the data breach indicates that Equifax’s competitors Experian and TransUnion were able to avoid a similar data breach. The report also criticizes Equifax for not properly saving records about the breach.



Please follow and like us:
Error, no Ad ID set! Check your syntax!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>