25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Blue Cross Blue Shield of Michigan Members Notified of Business Associate Ransomware Attack

Posted By on Jan 4, 2019

A business associate of Blue Cross Blue Shield of Michigan has experienced a ransomware attack that has potentially resulted in the theft of plan members’ protected health information. This is the second data breach affecting Blue Cross Blue Shield of Michigan plan members to be reported in December. Some plan members’ PHI was stored on a laptop computer that was stolen from a different business associate.

The latest breach was experienced by Austin, TX-based Wolverine Solutions Group, a vendor that provides business services to Blue Cross Blue Shield of Michigan and several other healthcare clients.

On September 23, 2018, ransomware was installed on its network that resulted in the encryption of files on servers and workstations, including files containing protected health information.

A third-party computer forensics firm conducted an investigation into the breach but found no evidence of data exfiltration; however, data theft could not be entirely ruled out. The types of information that was potentially accessed and copied included demographic data, health plan contract numbers, and a limited about of health information. Some Social Security numbers may also have been compromised.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

According to Databreaches.net, the data breach was not confined to Blue Cross Blue Shield of Michigan. Other healthcare clients were also affected including Molina Healthcare. 895 Molina Healthcare patients have also been notified that their PHI was potentially compromised.

Wolverine Solutions has written to all affected individuals to alert them to the breach and, out of an abundance of caution, has offered 12 months of complimentary credit monitoring services to breach victims. Due to Blue Cross Blue Shield of Michigan’s policies, its members have been offered extended protection for 24 months.

Wolverine Solutions has already taken steps to improve security and has moved to a new computer system that has added protection against these types of attacks. All employees have also received further training on the new safeguards.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist