Data Security Incident
February 28, 2019
Three Rivers Health was notified of a data security incident that occurred at Wolverine Solutions Group, a subcontractor to a company the hospital uses for patient collection services. The incident affected personal information for a limited number of patients. That information may include patient names, addresses, demographic information, health plan contract numbers and in some cases, social security numbers.
Wolverine Solutions Group is taking full responsibility for the incident and is in the process of notifying affected patients and offering free credit monitoring and protection services.
For more information, review Wolverine Solutions Group’s “Notice of Breach/Cybersecurity Incident” on their website at www.wolverinemail.com/cyber-security-event.
Wolverine Solutions Group has contracted with All Clear ID to handle any inquiries. Patients and families with concerns should contact All Clear ID using a toll-free number (877) 412-7152 established to handle inquiries.
FREQUENTLY ASKED QUESTIONS
Q: I received a notice stating that my personal and protected health information was part of a data security incident. How did the hospital let this happen?
A: The hospital did not experience a data security incident or release your information. The notice you received came from Wolverine Solutions Group, a subcontractor to a company we use for patient billing services. They recently made us aware of a data security incident involving patient information. They are handling the matter directly by reaching out to patients who may have been affected and offering free identity protection and credit monitoring services as a precaution.
While we had no role in this data security incident, we are working closely with the company to ensure they are appropriately addressing the issue, and we deeply regret any inconvenience. The subcontractor has assured us the issue has been corrected and they have no reason to believe patient information was extracted from their system. We urge you to contact them directly by calling the number in the letter you received, should you have further questions.
Q: Who is Wolverine Solutions Group and why did I get a notice from them instead of my health care provider?
A: Wolverine Solutions Group is a subcontractor to a company we use for patient billing services. They provide outsourced services for medical bill statement processing. You received the notice because the possible data security incident involved your personal or protected health information. The data security incident did not involve our hospital’s electronic medical record or information systems. We have been in regular communication with Wolverine and we are aware of their efforts to address this issue.
Q: What information was accessible in the data security incident?
A: Wolverine Solutions Group has told the hospital the information affected by the incident may have included patient names, addresses, demographic information, health plan contract numbers, some medical information and in some cases, social security numbers.
As a reminder, there is no indication that any of the information was extracted from the Wolverine system. They are notifying patients and offering free identity repair, identify protection and credit monitoring services out of an abundance of caution.
Q: Was any data compromised?
A: Wolverine Solutions Group has told the hospital there is no indication that any personal information was extracted from their system or has been misused in any way.
Q: How did the incident occur?
A: Wolverine Solutions Group is taking full responsibility for the incident and is handling the matter directly. They have established a toll-free hotline through All Clear ID (877) 412-7152 you can call to discuss any additional questions you may have.
Q: When will this matter be resolved?
A: We suggest contacting All Clear ID at (877) 412-7152 with this question. They have established a call center to handle inquires.
Q: What are you doing to prevent this from happening again?
A: The hospital’s electronic medical record and information systems were not involved in this data security incident; however, we have strong policies and procedures in place to ensure the security of your personal information. We have received assurances from Wolverine the issue has been addressed. They can tell you more about the steps they have taken to ensure this does not happen again, as well as the resources available to help those who may have been affected.