Health Alliance Plan and Blue Cross Blue Shield of Michigan have alerted nearly 270,000 members combined that their personal information may have been compromised after a data breach at the payers' mailing service vendor, according to the Detroit Free Press.
Wolverine Solutions Group, the mailing service vendor, notified HAP Nov. 28 of a ransomware attack that happened Sept. 23. and left the vendor locked out of its servers and workstations.
The ransomware attack may have exposed customers' names, addresses, dates of birth, member identification numbers, healthcare provider names, patient identification numbers and claim information.
HAP verified the extent of the attack in February and notified 120,344 customers of the breach.
BCBS of Michigan customers were informed in December that their information also may have been compromised, Wolverine Solutions President Darryl English said.
The Blue Cross malware attack affected 150,000 members, all but 50,000 of them from Michigan. Since the attack, there has been no evidence that customers' personal information has been misused, Blue Cross said.
Wolverine Solutions' ongoing investigation determined the affected records were encrypted. The company is sending its customers personalized letters describing the extent of the breach, as some may have had Social Security numbers and medical records affected.