Wolverine Solutions Group (WSG) ransomware attack from September 2018 is now known to affect about a million patients and hundreds healthcare facilities when the third-party vendor was attacked. A letter template they sent out is located here. According to the SC Magazine article:
“WSG, which handles billing and mailing services for the healthcare organizations, said its files were encrypted on Sept. 25, 2018 by a ransomware attack. The decryption and restoration process started on Oct. 3 with critical operations being restored by November 5. A local newspaper for one of the affected facilities, The Three Rivers News, noted that 700 companies and 1.2 million people were affected.
“Beginning in November and continuing in December, January, and early February, WSG discovered and was able to identify those Healthcare Clients whose information was impacted by the incident,” WSG said, adding it has notified its clients of the issue as each was discovered to have been covered by the attack.
The information involved was patient information (names, addresses, dates of birth, social security numbers, insurance contract information and numbers, phone numbers, and medical information, including some highly sensitive medical information. WSG believes the information was only encrypted and not accessed.”