About 15,000 patient records were among those affected by a ransomware attack against Wolverine Solutions Group, which took place in September 2018. The group said forensic analysis and investigation conducted by a third-party IT security company was unable to identify evidence that personal data on the system had been extracted.
“Even so, and depending on the type of information that may have been involved, we are offering credit monitoring at no cost to those affected,” Wolverine Solutions Group said in a statement.
The local health system works with Client Financial Services, which subcontracts with Wolverine Solutions Group to provide paper-billing statements to patients, said NOCHS spokeswoman Jen VanSkiver.
On Dec. 10, 2018, NOCHS first received a general notification about the data breach and that a forensic evaluation was underway, and that they would receive another notification once the impact to NOCHS patients was assessed.
The health system was notified Feb. 5 about 15,000 NOCHS patients being affected by the breach, VanSkiver said. Most of the records were between April and September 2018.
Wolverine Solutions Group is notifying affected patients by mail and offering free credit monitoring. In some instances, information in the system might have included a patient’s full name, date of birth, Social Security number, account number, home address, health plan numbers and other information.
The process to identify those individuals began Dec. 28 and continues, according to the statement from Wolverine Solutions Group. The group is notifying patients because it was their breach and not the local health system’s, VanSkiver said.
Some patients who have received letters have reached out to various parts of the local health system. VanSkiver said some have inquired if the letters are legitimate, and she said she’s grateful to receive the calls because it shows the community is vigilant.
VanSkiver encourages patients to engage with Wolverine Solutions Group to have their questions answered. More information can be found online at www.noch.org.
Wolverine Solutions Group established a toll-free hotline with All Clear ID, at 877-412-7152, for inquiries about the data breach.
The company also encourages individuals to consider taking steps to protect their information including:
• Obtain a free copy of your credit report by visiting www.annualcreditreport.com.
• Contact credit agencies and add fraud alert statements for your file.
• Remove your name from pre-approved offer mailing lists for about six months.
• Pay attention to credit card charges and bills for items you didn’t purchase.
• Review bank account explanation of benefit statements for purchases, checks, charges and deductions you didn’t make.
• Contact local police if you know or suspect you’re a victim of identity theft.
Wolverine Solutions Group says it has taken steps to strengthen its security, which includes mandating additional training, enhancing procedures and new technology.
“We are deeply sorry that this incident occurred and apologize to our business clients and affected individuals,” the company said in a statement. “Safeguarding the personal and business information of our customers is of the utmost importance to us.”