- Blue Cross Blue Shield of Michigan policyholders were notified of a second potential breach of their personal and health data in December, after a ransomware attack on one of the insurer’s service providers.
Wolverine Solutions fell victim to a ransomware attack on September 23, which locked down servers and workstations. A forensics firm investigated the incident and could not rule out data exfiltration. Wolverine notified BSBCM of the incident on November 8.
The potentially compromised data included demographic data, health plan numbers and some medical data. For some policyholders, Social Security numbers were included.
The cyberattack also impacted other Wolverine clients, including nearly 800 Molina Healthcare patients, DataBreaches.net discovered.
This was the second breach notification from BCBSM in December. About 15,000 policyholders were notified that their data was potentially breached after the theft of a business associate’s laptop. While the data on the laptop was encrypted, the employee’s login credentials were stolen and customer data could have been accessed as a result.
While ransomware has declined in other industries, hackers continue to use the malicious virus for cyberattacks on the healthcare sector and its vendors.
Just last month, Thundermist Health Center in Rhode Island fell victim to the malware, which forced officials to cancel appointments that would have impacted patient safety without EMR access
Three other providers reported ransomware attacks in December that occurred in the fall: Center for Vitreo-Retinal Diseases in Illinois, Mind and Motion Developmental Centers of Georgia, and the Redwood Eye Center.
And in November, an ransomware attack on Iowa Eye Clinic potentially breached the personal health data of 40,000 patients. May Eye Care notified 30,000 patients in the same month, after falling victim to ransomware in July.