November 13, 2023 at 08:21AM
Michigan healthcare system McLaren Health Care is alerting approximately 2.2 million people about a data breach that occurred earlier this year. The breach, which was identified on August 22 and resolved the following day, resulted in unauthorized access to McLaren’s network from July 28 to August 23. The attackers gained access to personal and medical information, including names, dates of birth, Social Security numbers, health insurance information, and more. Although there is no evidence of misuse, the stolen data has been shared on the dark web. It is unclear if only patients or also employees and partners were affected.
During the meeting, it was discussed that McLaren Health Care, a healthcare delivery system based in Michigan, has experienced a data breach. Approximately 2.2 million individuals have been affected by the breach, and the organization has started notifying them.
The breach was discovered on August 22, and the organization promptly launched an investigation with the assistance of third-party forensic specialists. It was determined that unauthorized access to McLaren’s network occurred between July 28, 2023, and August 23, 2023. During this period, the threat actor was able to acquire certain information from McLaren’s systems.
The stolen information includes names, dates of birth, Social Security numbers, health insurance information, and medical information such as diagnoses, medical record numbers, billing or claims information, Medicare/Medicaid information, and details of prescriptions, medications, and treatments.
While there is no evidence of the stolen information being misused, it is believed to be in the possession of cybercriminals who are active on the dark web. The Alphv/BlackCat ransomware gang has claimed responsibility for the breach and has included McLaren Health Care on its leak website, threatening to auction the stolen data.
It has been reported to the Maine Attorney General’s Office that approximately 2.2 million individuals were impacted by the breach. However, it is unclear whether this includes only patients or if employees and partners are also affected.
McLaren Health Care is a fully integrated healthcare delivery system with headquarters in Grand Blanc, Michigan. The organization operates 15 hospitals and employs 28,000 people.
In related news, the City of Philadelphia recently experienced an email hack resulting in the theft of personal information. Additionally, a medical company has been fined $450,000 by the New York Attorney General’s Office due to a data breach. To help mitigate cybersecurity risks in the healthcare sector, the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS) have released a Healthcare Toolkit.