700 Companies Served by Third Party Healthcare Provider Breached

Breaches, February, March

Who: Wolverine Solutions

# of Accounts Breached: More than 700 companies and 1.2 million patients.

What was affected: Individual patient information (names, addresses, dates of birth, social security numbers, insurance contract information and numbers, phone numbers, and medical information, including some highly sensitive medical information)

When it happened: September 25, 2018

How it happened: Several months ago Wolverine (Solutions Group) noticed they had someone who infiltrated their system for about five to eight minutes on two different occasions

Outcome: Shortly after WSG learned of the incident, we began an internal investigation and hired outside forensic security experts to help us. A team of forensic experts arrived on October 3, 2018,​ to begin the decryption and restoration process. All impacted files needed to be carefully “cleaned” of any virus remnants prior to their review by forensic investigators. Most critical programs requiring decryption were restored by October 25, 2018, and WSG’s critical operations were running by November 5, 2018. However, the forensic team continued its decryption efforts on the impacted files to determine the type of information that was affected, the identities of our Healthcare Clients, and the specific individuals involved. Beginning in November and continuing in December, January, and early February, WSG discovered and was able to identify those Healthcare Clients whose information was impacted by the incident. The timing of our notices to impacted individuals has been based on these “rolling” discovery dates. The first notices were mailed on December 28, 2018. Additional notices have been mailed in February and further notices will be mailed in March.