Who: Blue Cross Blue Shield of Michigan

# of Accounts Breached: 15,000 policyholders

What was affected: Demographic data, health plan contract numbers and some medical information. Some data also included Social Security numbers.

When it happened: September 23, 2018

How it happened: The first breach, fairly widely reported already, involved a laptop stolen from a subsidiary’s employee that held data on 15,000 policyholders. But that same week, one of the health insurer’s services providers was also sending out notifications to an unspecified number of policyholders. Wolverine Solutions’ notification template, reproduced below, explained that on September 23, they experienced a ransomware incident. Their investigation did not indicate that any data had been exfiltrated, but as is often the case, they couldn’t entirely prove that it hadn’t been.

Outcome: Wolverine Solutions have arranged for affected individuals to have AllClear ID protect their identity for 12 months at no cost. However, due to Blue Cross Blue Shield of Michigan’s policy, special arrangements have been made to offer you the same protection for 24 months.