Michigan Attorney General Dana Nessel warned Michiganders today that the information of 600,000 of the state’s citizens may have been compromised in a ransomware-caused data breach.
The cyberattacks have potentially exposed the names, social security numbers, addresses, and medical details of customers throughout Blue Cross Blue Shied of Michigan, Health Alliance Plan, and McLaren Health Care. The hackers breached those organizations by targeting Wolverine Solutions Groups (WSG), a healthcare company that partners with various health plans and hospitals, with ransomware that withheld the company’s records.
Although WSG detected the cyberattack in September, companies are not required to notify the attorney general’s office of data breached in Michigan. Nessel’s office became aware of the data breach through news reports.
Nessel’s announcement follows last week’s U.S. Senate hearing concerning Equifax and Marriot’s data breaches in 2017 and 2018, respectively. Sens. Rob Portman, R-Ohio, and Tom Carper, D-Del., both called for national regulations on data breach protection, as there are currently only state-level laws government breach disclosures.