BreachExchange mailing list archives
Spectrum Health Lakeland announces data breach
From: Destry Winant <destry () riskbasedsecurity com>
Date: Fri, 15 Mar 2019 07:59:55 -0500
https://www.heraldpalladium.com/news/local/spectrum-health-lakeland-announces-data-breach/article_be64c079-2435-5619-9b24-5170ce7af591.html Spectrum Health Lakeland is in the process of notifying about 60,000 patients about a data security issue involving a vendor, the health system announced Thursday. Wolverine Services Group (WSG), a mailing company contracted by Spectrum Health Lakeland, was hit by the cyberattack. Loren Hamel, president of Spectrum Health Lakeland, said the breach was not done directly through Spectrum Health Lakeland. “We take the data and security of those entrusted in our care incredibly seriously,” Hamel told The Herald-Palladium on Thursday. “Every day we are working to make sure that data is protected. It deeply saddens us to share with our friends and neighbors that their data was encrypted and unencrypted.” Once the breach was discovered, Wolverine engaged a third-party security expert to investigate and return its information systems to normal, after a ransomware attack encrypted data. The breach in question involved the Lakeland portion of Spectrum Health, not the wider Spectrum company. According to a news release from Spectrum Health Lakeland, the security expert found no evidence that patient information was removed from WSG’s system or that any patient information had been misused as a result of the attack. The incident has been reported to regulators as a data breach. Spectrum Health Lakeland has been working with its own technology experts since it was notified of the problem last Dec. 17. Hamel said the breach occurred in September, but it was several months before the breach was discovered. Hamel said it often takes awhile to discover such breaches. “We got the clean data back from (WSG) within the last few days,” Hamel said. “To the best of everybody’s forensic evidence, the data was encrypted and then unencrypted. No data that we know of has been stolen. Out of caution we wanted to tell anyone who was part of that data breach.” Because Wolverine sends billing statements to patients, the information in question includes patients’ names and addresses, types of health services provided, dates of those services, health insurance providers and amounts due on the patient account. Wolverine also told the hospital system that Social Security numbers may also have been involved in the breach. “Every significant company in the country encounters millions or billions attempts at cyber security breaches every year,” Hamel said. “The reality is occasionally one gets through. This one didn’t get through Spectrum Health Lakeland’s firewall, but a vendor.” Wolverine has arranged for free credit monitoring and financial investigative services through AllClear ID services for affected patients for 12 months, and is recommending that patients regularly review account statements and obtain a free credit report. Patients will also get a letter in the next seven to 10 days if their information was possibly affected. “I’m a patient at Spectrum Health Lakeland. I will likely be getting a letter from myself on this data breach,” Hamel said. “We care for our friends and neighbors and this is obviously important to us because we’re committed to doing everything we can to take good care of each other.” Other health care systems in Michigan also were affected by the data breach through Wolverine. It was last October when Grand Rapids-based Spectrum Health completed a merger with St. Joseph-based Lakeland Health, which then became known as Spectrum Health Lakeland. _______________________________________________ BreachExchange mailing list sponsored by Risk Based Security BreachExchange () lists riskbasedsecurity com If you wish to Edit your membership or Unsubscribe you can do so at the following link: https://lists.riskbasedsecurity.com/listinfo/breachexchange
Current thread:
- Spectrum Health Lakeland announces data breach Destry Winant (Mar 15)