Wolverine Solutions Group, the mailing service vendor, notified HAP Nov. 28 of a ransomware attack that happened Sept. 23. and left the vendor locked out of its servers and workstations.
The ransomware attack may have exposed customers’ names, addresses, dates of birth, member identification numbers, healthcare provider names, patient identification numbers and claim information.
HAP verified the extent of the attack in February and notified 120,344 customers of the breach.
BCBS of Michigan customers were informed in December that their information also may have been compromised, Wolverine Solutions President Darryl English said.
The Blue Cross malware attack affected 150,000 members, all but 50,000 of them from Michigan. Since the attack, there has been no evidence that customers’ personal information has been misused, Blue Cross said.
Wolverine Solutions’ ongoing investigation determined the affected records were encrypted. The company is sending its customers personalized letters describing the extent of the breach, as some may have had Social Security numbers and medical records affected.
More articles on cybersecurity:
Alphabet unveils 1st security data platform: 3 things to know
13 healthcare privacy incidents in February
Montana hospital reports medical records room break-in
