McLaren Health Care Ransomware Attack Affects 2.1 Million Patients
McLaren Health Care, a 14-hospital health system based in Grand Blanc, Michigan, has confirmed that it recently fell victim to a ransomware attack and has warned patients that files containing patient information were stolen in the attack and may be leaked on the dark web.
Suspicious activity was detected in its IT systems in late August, and it was later confirmed that this was a ransomware attack. Its computer network was taken offline while the incident was investigated, which caused disruption across its healthcare facilities, although healthcare services continued to be provided at all locations and patient care was unaffected.
Last week, the ALPHV/BlackCat ransomware group claimed responsibility for the attack and added McLaren Health Care to its dark web data leak site. ALPHV is a spin-off of the now-defunct Conti ransomware group and has a history of attacking healthcare organizations. The group claims to have exfiltrated more than 6 terabytes of data in the attack and says the stolen data includes the sensitive information of 2.5 million patients. While McLaren Health Care says all its systems are back online, ALPHV claims to still have access to McLaren Health Care’s systems through an active backdoor.
A spokesperson for McLaren Health Care said it is investigating reports of sensitive data being leaked on the dark web and says cybersecurity specialists have found no evidence to suggest the group still has access to its IT systems. McLaren Health Care is still reviewing the data that may have been compromised and will issue notifications to the affected individuals when that process has been completed. McLaren Health Care reported the data breach to the HHS’ Office for Civil Rights as involving the protected health information of 2,103,881 individuals.
Other healthcare organizations that have recently been added to the group’s data leak site include Prestige Senior Living, Pain Care Specialists of Oregon, and MNGI Digestive Health. Data has been uploaded to the ALPHV leak site for the latter after the ransom was not paid. At present, there is no leaked McLaren Health Care data on the group’s leak site.
Update November 10, 2023
McLaren Health Care reported the cyberattack to the HHS’ Office for Civil Rights on October 10, 2023, as a HIPAA data breach affecting at least 501 individuals in order to meet the HIPAA breach reporting deadline, and has confirmed in its breach notice to the Maine Attorney General that the information of 2,192,515 individuals was compromised in the attack. The breach total has since been updated with OCR to show that the protected health information of 2,103,881 individuals was compromised in the incident.
In the notice to the Maine Attorney General, McLaren Health Care said the attack was discovered on or around August 22, 2023, and the forensic investigation confirmed the attacker had access to its network between July 28, 2023, and August 23, 2023. “On August 31, 2023, McLaren learned the unauthorized actor had the ability to acquire certain information stored on the network during the period of access,” explained McLaren Health Care in its breach notification letters. The review of the files concluded on October 10, 2023, and “McLaren determined that information pertaining to certain individuals may have been included in the potentially impacted files.” The files contained names, Social Security numbers, information about past, present or future physical, mental or behavioral health or conditions, or that of a member of the consumer’s family, and the provision of health care to a consumer, or payment for the provision of health care to a consumer.
The ALPHV/BlackCat ransomware group has now published a sample of the stolen data on its data leak site and the group states that rather than leak the full data on its site, it will instead hold a darknet auction for all of the stolen McLaren Health Care databases. The group claims to have been in contact with McLaren’s representative and communicated that information, including details of all data stolen in the attack.


