Thousands of patients impacted by ransomware attack at medical billing company

Following a ransomware attack at a medical billing company, thousands of patients are being warned that their highly sensitive medical information and personal details were amongst the breached data.

Michigan-based Wolverine Solutions Group (WSG) says that it discovered its systems had suffered a security breach on September 25 last year. Malware had infected the company’s computers and encrypted “many” of the firm’s records, rendering them inaccessible.

One week later WSG called in a team of external forensic security experts who attempted to recover the encrypted data.

According to WSG, its critical operations were back up and running by November 5, 2018 — over 40 days after the ransomware attack was initially detected.

However, work has continued in the months since to identify those individuals whose healthcare clients were affected. The company has mailed out a number of notifications to affected individuals in December, January and February, and says it will sent out more this month.

The good news is that no evidence has been found that the sensitive data was exfiltrated from WSG’s servers. As with most ransomware cases, the risk to information is primarily that it has been encrypted with a key only known to the attackers and made inaccessible rather than stolen for the purposes of identity theft and fraud.

Of course, it is possible for organizations to recover without paying any ransom to the criminals if they have maintained secure, regular backups of the data. Sadly, it’s still all too common to discover that backups have not been maintained or that the backups themselves have also been corrupted by the attack.

Even though there is no evidence that unauthorized parties stole the data, WSG says that the nature of the affected files (some of which contained individual patient information such as names, addresses, dates of birth, Social (Read more...)