McLaren Health Care data breach affects 2.2 million individuals

McLaren Health Care, a Michigan-based healthcare delivery system, has notified roughly 2.2 million individuals that their personal information was compromised in a data breach earlier this year.

The data breach was identified on August 22, 2023, and plugged the next day. During the period of access, between July 28 and August 23, 2023, intruders could acquire certain information from McLaren’s systems, including files containing personal and medical information.

The stolen information includes names, dates of birth, Social Security numbers, health insurance information, and medical information, such as diagnosis, medical record number, billing or claims information, Medicare/Medicaid information, and prescription/medication and treatment details.

McLaren Health Care has no evidence that the stolen information has been misused, but the data appears to be in the hands of cybercriminals willing to share it on the dark web.

Last month, the Alphv/BlackCat ransomware gang added McLaren Health Care to its leak website, claiming to have stolen “the confidential data of 2.5 million people” and threatening to auction it.

McLaren told the Maine Attorney General’s Office that close to 2.2 million individuals were impacted, but it is unclear whether these are patients only or if employees and partners were affected. McLaren Health Care is a fully integrated healthcare delivery system headquartered in Grand Blanc, Michigan, which includes 15 hospitals and employs 28,000 people.