Cyber Incident Victim: Wolverine Solutions Group

On September 25, 2018, Michigan-based medical billing company Wolverine Solutions Group (WSG) discovered a ransomware attack that encrypted many of its records, rendering them inaccessible. The malware infection disrupted the company's systems, prompting WSG to engage external forensic security experts one week later to recover the encrypted data. Critical operations were restored by November 5, 2018—over 40 days after initial detection—though full recovery efforts continued for months afterward. While investigating the incident, WSG determined that compromised files contained highly sensitive patient information including names, addresses, dates of birth, Social Security Numbers, insurance contract details, phone numbers, and medical data. The company found no evidence that attackers exfiltrated data, concluding the primary impact was encryption-based system disruption rather than data theft for fraudulent purposes.

WSG began notifying affected individuals in December 2018 through mailed disclosures, continuing notifications into January and February 2019 with plans for additional mailings that month. Among impacted entities was North Ottawa Community Health System (NOCHS), which WSG first alerted about the breach on December 10, 2018—11 weeks post-incident. WSG confirmed on February 5, 2019, that approximately 15,000 NOCHS patient records were compromised by the ransomware. The company offered affected individuals 12 months of identity protection services and advised vigilance regarding financial accounts and credit activity. Restoration efforts prioritized system functionality recovery while forensic analysis focused on identifying all compromised records across WSG's healthcare client base over subsequent months.