Business Associate Ransomware Attack Reported at Blue Cross Blue Shield of Michigan

January 12, 2019


A ransomware attack that has probably led to the thievery of plan subscriber’ protected health information has been reported by a business associate of Blue Cross Blue Shield of Michigan. This is the second current data breach affecting Blue Cross Blue Shield of Michigan plan subscriber that experienced in December 2018. Some plan subscribers’ PHI was saved on a laptop computer that was thieved from another business associate at a different time.

The latest breach was informed by Austin, TX-based Wolverine Solutions Group, a dealer that supplies business facilities to Blue Cross Blue Shield of Michigan and several other healthcare groups. On September 23, 2018, ransomware was placed on its network that led to the encryption of files on servers and workstations, including files having protected health information.

An external computer forensics company was engaged to finish an inquiry into the breach but found no proof of data exfiltration; however, data thievery could not be completely rejected. The variety of information that was probably retrieved and copied included demographic data, health plan phone numbers and a limited amount of health information. Some Social Security numbers might also have been impacted. informed that the data breach was not limited to Blue Cross Blue Shield of Michigan. Other healthcare customers were also impacted including Molina Healthcare. 895 Molina Healthcare patients have also been warned that their PHI was possibly obtained.

Wolverine Solutions has contacted all affected people to make them aware of the breach and, as a protective measure, has offered 1 year of free credit checking facilities to breach sufferers. Because of Blue Cross Blue Shield of Michigan’s policies, its plan subscriber has been offered extended protection for 2 years.

Wolverine Solutions has already applied new measures to increase safety and has shifted to a new computer system that has added safety against these kinds of hacking attempts. All staff members have also received additional training on the new safety measures.