GRAND RAPIDS, Mich. (WOOD) — Thousands of patients of Mary Free Bed Rehabilitation Hospital in Grand Rapids are included in a data breach connected to a billing company the hospital once used.
Mary Free Bed says 4,755 of its patients were affected by the Wolverine Services Group breach and will be receiving notification letters from the billing vendor.
In a notice posted on its website, WSG says around Sept. 25, 2018, someone hacked into its computer system and infected it with malware. WSG says the hackers encrypted “many” of WSG’s records and demanded payment to restore the company’s access.
WSG says it serves “various health plans and hospital systems.” It’s unclear what other hospitals may be affected.
WSG said names, addresses, dates of birth, social security numbers, insurance information and medical records were included in the files encrypted during the ransomware attack. Mary Free Bed says none its patients’ medical record were ever sent to WSG.
Based on an internal investigation, WSG says it believes the hackers only encrypted the files and never stole them off the company’s servers. However, WSG says it will offer free credit monitoring for a year to impacted patients, “given the nature of the affected files.”
WSG says the yearlong service through AllClear ID will automatically start when the patient receives a notice they were impacted by the breach. WSG said it started mailing out notices on Dec. 28 to impacted patients and will continue to do so through March.
WSG said it hired outside forensic security experts to decrypt the affected files and restore access. The company says most files were restored by Oct. 25.