As was the case for many organizations who have already issued security notices, Spectrum said it has no reason to believe its systems or customer information may have been compromised.
“WSG’s expert could not find evidence that Spectrum Health Lakeland patient information was removed from its system as a result of the attack. However, WSG also told us that they cannot be 100 percent sure that patient information was not affected. Therefore, we have reported the incident to regulators as a data breach and will be sending a letter to all patients whose information may have been a part of this cyberattack,” Spectrum wrote in a letter to thousands of its customers.
Upwards of 600,000 individuals may have had their health records compromised, according to a warning issued earlier this week by the Michigan’s attorney general (AG) Dana Nessel and the department of insurance and financial services (DIFS) director Anita G. Fox. The AG’s office warned Michigan residents to take extra precautions to safeguard their data.
Several companies have issued security notices to their customers, including “Blue Cross Blue Shield of Michigan, Health Alliance Plan, McLaren Health Care, Three Rivers Health, and North Ottawa Community Health System. Wolverine Solutions Group says it has mailed letters to all impacted individuals,” the AG’s office said in a press release.
“Wolverine is offering two levels of identity protection to individuals affected by the breach,” said Fox. “If you receive a letter from the company, we urge you to read it carefully and consider enrolling in the free credit monitoring service.”
“The healthcare industry must realize that risk never sleeps and change the frequency and processes for how third-party vendors are assessed, managed and remediated from once a year to real time and continuous,” said Ed Gaudet, CEO, Censinet.