McLaren Health Care data breach affects over 740,000 individuals

McLaren Health Care, a Michigan-based healthcare company, said that a data security incident last year compromised the sensitive personal information of more than 740,000 individuals.

 

Last year, McLaren Health said that on August 5, it experienced a data security incident that affected its phone lines and computer systems.

 

“Immediately after becoming aware of the attack, our hospitals and outpatient clinics instituted downtime procedures to ensure care delivery within our facilities.

 

“Our information technology team continues to work with external cyber security experts to analyse the nature of the attack and mitigate the impacts of the threat actors,” McLaren said. 

 

The healthcare provider added that while the majority of its facilities had remained operational, it had implemented downtime procedures to allow the IT team to restore the affected systems. McLaren had also rescheduled certain non-emergency appointments, tests, and treatments, and some surgeries and procedures had been cancelled due to the cyber attack.

 

In a recent filing with the Office of Maine Attorney General, McLaren Health said its investigation has determined that malicious actors gained access to its systems, including those of the Karmanos Cancer Institute, between July 17 and August 3, 2024. During the breach, critical systems were encrypted and confidential information was stolen.

 

The compromised data included  names, Social Security numbers, driver’s license numbers, medical information, health insurance information and more. The filing with the Maine state regulator also states that the healthcare provider has identified at least 743,131 individuals affected by the incident.

 

McLaren Health has advised all affected individuals to regularly monitor their credit reports, account and benefit statements and report any suspicious activity to law enforcement authorities, including the police and the state attorney general.

 

It has also offered one year of complimentary identity protection and credit monitoring services through IDX to all affected individuals.

 

The INC RANSOM ransomware group claimed responsibility for the cyber attack on McLaren Health and listed it as a victim on its data leak site. The group claimed to be in possession of confidential data stolen from the healthcare provider and threatened to publish it if McLaren failed to meet its ransom demands.