Wolverine Solutions Group said it was the victim of a ransomware attack in late September 2018, but many clients said they are just now learning their personal information may have been exposed.
Wolverine performs business services for a variety of clients, including various health care entities and health plans such as Covenant Hospital, Health Alliance Plan (HAP), and McLaren.
The company is saying more that 45,000 patients from Covenant were impacted, 120,000 from HAP, and about 54,000 from McLaren.
At the time of the cyber-attack, the company reported the incident to the FBI, and worked with their IT and forensics teams to try and identify who was behind the attack, and if any client information was compromised.
While that remains unclear, the company is offering credit monitoring at no cost to the impacted clients.
Those clients are being notified via mail and offered credit monitoring.
That process began Dec. 28, 2018, according to Wolverine.
Kristin Knoll, a spokesperson with Covenant Healthcare, a client of Wolverine’s said, “protecting patient privacy is of the utmost importance to Covenant. In accordance with HIPAA guidelines, Covenant strives to share the least amount of information necessary with outside vendors. For example, Covenant never shared full social security numbers with WSG for the printing of billing statements. That said, WSG recommends using an abundance of caution and Covenant wants potentially impacted individuals to be aware.”
If you receive notice that your protected health information or financial information was impacted, Wolverine recommends you remain vigilant and consider taking one or more of the following steps to protect your protected health information or personal information:
- Contact the nation-wide credit reporting agencies as soon as possible to add a fraud alert statement to your credit file at all three-national credit-reporting agencies or consider placing a security freeze on your credit file.
- Remove your name from mailing list of pre-approved offers of credit for approximately six months.
- Receive a free copy of your credit report by going to www.annualcreditreport.com.
- Receive all of your bank account and explanation of benefit statements frequently for checks, purchases, charges, or deductions not made by you.
- If you suspect or know that you are the victim of identity theft, you should contact local police and you also can report this to the Fraud Department of the FTC.
A Wolverine spokesperson said they are deeply sorry this incident occurred and apologizes to their business clients and affected individuals.