Michigan Attorney General Responds to Wolverine Solutions Ransomware Attack

Michigan Attorney General Dana Nessel has issued a statement about a recent ransomware attack on the Wolverine Solutions Group, which may have affected up to 600,000 Michigan residents.

AG Nessel has advised all individuals who receive a breach notification letter to sign up for credit monitoring services to ensure they are protected from the potential fallout of the attack.

In her letter, she further advised all individuals to monitor their accounts and EoB statements for signs of fraudulent use of their data, to place a fraud alert on their credit file and to consider freezing their credit file as a protection against fraud and identity theft.

Cybercriminals launched an attack on Wolverine Solutions Group—a contractor that provides mailing and other services for hospitals and health care companies—on or around September 23, 2018. IT security staff were able to restore critical systems to working order within a month, but, due to the extent of the breach, they have taken a significant amount of time to determine which clients had been affected. Despite the attack occurring last September, Wolverine Solutions Group only informed some clients of the breach in March.

While the types of information differ from company to company and individual to individual, the exposed information may include data elements such as names, addresses, dates of birth, social security numbers, insurance contract information and numbers, phone numbers, and medical information.

Healthcare organizations known to be affected include:

  • Blue Cross Blue Shield of Michigan
  • Mary Free Bed Rehabilitation Hospital
  • Spectrum Health Lakeland
  • Sparrow Health System
  • McLaren Health Care
  • Covenant Health Care
  • Health Alliance Plan
  • North Ottawa Community Health System
  • Three Rivers Health
  • Warren General Hospital
  • University of Pittsburgh Medical Center Kane

The attack is believed to have started with the download of the Emotet Trojan. The Emotet Trojan is one of the most rapidly evolving malware variants. It is also one of the most popular forms of malware; hackers have used Emotet in 76% of Trojan attacks.

Trojan horses are malware variants that are disguised as benign or useful pieces of software. They are installed under false pretences, as the user is often tricked into believing that they serve a legitimate purpose. Once executed on a server, the hacker can then gain access to the system and steal valuable information for nefarious purposes. The Trojans are often installed through a phishing campaign.

According to Darryl English, the president of Wolverine Solutions, the organisation paid a ransom to the threat actors behind the attack to retrieve access to their networks.

“Data breaches can be devastating to the affected individuals,” said Nessel on Monday. “It’s important this office provide affected customers with any and all available resources to help limit the effects of this – or any – breach. And today, we’re doing just that.”

Michigan state law did not require Wolverine Solutions to inform AG Nessel of the attack. Nessel first heard of breach from media reports. She has since written to Wolverine requesting further information about the incident. The breach could well trigger an update to data breach notification laws in Michigan to be in line with most other states.

While AG Nessel has put the number of affected individuals at 600,000 or more, the final total is not yet confirmed and, according to Wolverine, could be in the high six figures.

Following HIPAA’s Breach Notification Rule, Wolverine Solutions sending notification letters to affected individuals. They are also offering them free access to credit monitoring and identity theft protection services.