Michigan-based healthcare giant, McLaren Health Care, has revealed that the personal and health data of approximately 2.2 million patients was compromised during a ransomware attack earlier this year. The attack, which lasted for around three weeks between July 28 and August 23, went unnoticed until August 31.
Key Takeaway
Major healthcare provider McLaren Health Care discloses a significant data breach affecting 2.2 million patients. The breach highlights the ongoing threat of ransomware attacks against organizations and the urgent need for robust cybersecurity measures in the healthcare sector.
The Breach
Mclaren disclosed that the hackers gained unauthorized access to sensitive patient information, including names, dates of birth, Social Security numbers, and a wide range of medical data such as billing, claims, diagnoses, prescriptions, and treatment information. The stolen information also includes details of Medicare and Medicaid patients.
Alphv Ransomware Gang Claims Responsibility
The incident came to light in October when the Alphv ransomware gang (also known as BlackCat) claimed responsibility for the cyberattack. Reports suggest that the cybercriminals exposed screenshots on the dark web, demonstrating access to McLaren’s internal password manager, financial statements, employee data, and patient-related information.
McLaren’s Response
McLaren, which operates 13 hospitals across Michigan, remains tight-lipped about the details of the incident. The company’s spokesperson, David Jones, declined to comment on whether a ransom demand was received or paid. McLaren also refused to provide an interview with its Chief Information Security Officer, George Goble.
Impact and Legal Consequences
Following the breach, McLaren is facing at least three class-action lawsuits related to the cyberattack. The stolen data exposes patients to potential identity theft and financial fraud, necessitating enhanced security measures and safeguards.
