Ransomware attack at Wolverine Solutions Group leads to thousands of NOCHS patients affected
Recently, the Michigan-based medical billing company, Wolverine Solutions Group, got affected by a ransomware virus that has compromised data, including 15 000 NOCHS patient records. Server included patient names, addresses, Social Security numbers, insurance contracts, and medical account numbers.
The ransomware attack took place in September 2018 and was targeted against a third-party vendor, Wolverine Solutions Group. The official notice of the data breach informed people about the unauthorized party that gained access to the system's servers and installed malware which encrypted many records including data belonging to the NOCHS.
The purpose of this file-locking virus was to extort money from WSG, so there is no information about data extraction, according to the statement by the company. However, the officials still encourage affected people to monitor their credit card activities:
Given the nature of the affected files of NOCHS patients, which contained individual patient information, and out of an abundance of caution, letters will be mailed to all impacted individuals recommending that they take immediate steps to protect themselves from any potential misuse of their information.
WSG discovered that the access was gained on September 23, when ransomware made various files on the system inaccessible by encrypting them. The internal investigation was held and based on the official report; malware had one purpose – money extortion from Wolverine Solutions Group. The decryption and file restoration process started at the beginning of October and by November 5th critical operations were restored.
Patients affected by the attack on the billing company's system
On December 10th, NOCHS was warned by WSG about this data breach. More than 11 weeks after the initial ransomware attack and the company was not confirming that patients' data was stolen. However, in February 2019 Wolverine Solutions Group confirmed that 15 000 patient records were in the server that got encrypted by the ransomware.
Even though there is no evidence that data got stolen or affected in any similar way, WSG informed about the possible danger, due to the sensitive information in those records. Some of them contained specific details about each patient including names, addresses, date of birth, insurance contract details, phone numbers, and medical details.
Written notices were distributed to those whose information got impacted. The risk of getting information stolen and used for other purposes of fraud made WSG take this seriously and use identity protection services. According to the report on further actions, the company states that for the next 12 months all impacted users can use provided and suggested protections.
Companies can recover their files without paying
Paying the ransom is never a good idea when it comes to crypto malware. Cybercriminals always focus on money extortion not on recovering victims' data and they often disappear to the unknown after the payment gets transferred. But organizations can recover their encrypted files if they have regular file backing habit. Employing IT specialists and professional security teams can help get back to the safe system.
Individuals that have been impacted in this particular incident were encouraged to take precautionary measures and took actions in their hands. Wolverine Solutions Group offers people to monitor their credit card reports, review all activities and contact local police forces when they notice anything suspicious.