What Happened in the Latest Cyberattack on McLaren?
McLaren Health Care, a large integrated healthcare provider in Michigan, has reported another ransomware attack on their systems. On August 12th, McLaren acknowledged a “disruption” to their information technology and phone systems, which they stated was the result of a criminal cyberattack.
While facilities remained operational with limited IT access, McLaren’s statement said their “information technology team continues to work with external cyber security experts to analyze the nature of the attack and mitigate the impacts of the threat actors.” Unfortunately, at this time it remains unknown if any patient or employee data was compromised in the ransomware attack.
McLaren Hospital Employees Reveal INC Ransomware Attack Through Leaked Note
Employees at McLaren Bay Region Hospital in Bay City, Michigan have disclosed that the healthcare provider recently fell victim to a ransomware attack, although McLaren has yet to publicly comment on the incident.
According to employees, a ransom note was leaked warning that the hospital’s systems have been encrypted by cyber criminals. The ransomware operators, believed to be the infamous INC RANSOM gang, threatened to publish any stolen sensitive data on their dark web leak site if a ransom demand was not paid.
The note shares that the attackers encrypted McLaren Bay Region’s systems and exfiltrated confidential records, though the hospital has not acknowledged the breach nor provided any official details about the ransomware attack to staff or patients.
This potential compromise of protected health information could be devastating if patient data is indeed leaked online by the INC RANSOM group.
This comes as the second such ransomware incident targeting McLaren in just over a year. In October 2021, the cybercriminal gang BlackCat/AlphV claimed to have stolen the sensitive personal health information of 2.5 million McLaren patients in a prior attack. More than 2.1 million Michigan residents were notified of a potential data breach at that time.
Attorney General Warns of Increased Risks and Advises Protective Actions
In response to the latest McLaren attack, Michigan Attorney General Dana Nessel issued a press release warning residents to be vigilant in protecting their private information. She noted that while more than 30 other states require notification of significant data breaches, Michigan is not among them.
Nessel advised consumers to closely monitor explanations of benefits, medical bills, debt collection notices, and credit reports for suspicious activity resulting from a potential data exposure. Individuals are also urged to change passwords on any medical portals used, place fraud alerts on bank and credit accounts, and consider credit freezes if concerned their data was impacted in the ransomware incident.
The Attorney General’s office further reported that ransomware attacks have been increasingly targeting the healthcare sector in particular. With large volumes of sensitive patient data stored digitally, hospitals and clinics present lucrative targets for cybercriminals. On average, data breaches in healthcare now cost over $11 million dollars to remedy.
What McLaren is Advising and Potential Next Steps
In its statements, McLaren has apologized for inconveniences caused and acknowledged community support is appreciated. The organization provided guidance for patients with upcoming appointments to still attend unless otherwise contacted. Individuals were also advised to bring hard copies of medically relevant documents and information if electronic records are inaccessible.
As McLaren’s IT teams and outside experts continue working to analyze the full scope of the ransomware attack, it remains unknown exactly when all internal systems may be back online. The Attorney General has recommended proactive protective steps in the interim for any Michiganders who receive McLaren medical care out of an abundance of caution. Only time will tell the full impact, but ransomware poses a clear and present threat to healthcare privacy and infrastructure.
