McLaren Health Care confirms ransomware attack disrupting services across Michigan

McLaren Health Care has confirmed that recent widespread outages and disruptions across its facilities in Michigan resulted from a significant ransomware attack. The attack, which began on August 5, 2024, has affected the information technology systems of McLaren’s 13 hospitals, Karmanos Cancer Centers, surgery centers, and clinics, with issues expected to persist throughout the month.

McLaren initially disclosed that it was facing a cyberattack but withheld specifics until recently confirming that ransomware was the cause. In a statement posted on its website, McLaren explained that the ransomware attack has severely limited access to various IT systems across its network, impacting essential operations. The health system has not disclosed whether a ransom demand was made or if any negotiations are ongoing.

Despite the disruptions, McLaren has managed to keep most of its services operational, including emergency rooms and scheduled appointments. Patients have been advised to proceed with their healthcare plans unless their providers directly contact them.

While McLaren Health Care has successfully contained the incident, the recovery process is ongoing, and access to certain systems remains restricted. The health system has reassured the public that it will notify patients if any personal information has been compromised, adhering to state and federal regulations. However, no additional details have been provided on the extent of any data breach.

Phil Incarnati, President and CEO of McLaren Health Care, praised the resilience and dedication of the health system’s staff, acknowledging the challenging conditions under which they are working. “Our employees are inspiring,” Incarnati stated. “From doctors and nurses to support staff, our teams have shown exceptional resilience. As we recover, we ask for continued patience from our patients and visitors.”

Incarnati also emphasized the broader implications of the attack, highlighting the growing threat of cyberattacks on healthcare infrastructure. “Our experience has made clear that cyberattacks against our healthcare infrastructure are an industrywide problem, and it’s not hyperbole to call healthcare cybercrime a national security threat,” he warned.

This attack marks the second time in a year that cybercriminals have targeted McLaren Health Care. A similar ransomware attack occurred in August 2023, raising concerns about the vulnerability of healthcare systems to repeated assaults.