More than 743,000 individuals have been affected by a data breach at Michigan-based McLaren Health Care.
The nonprofit health system notified the impacted individuals that hackers accessed its network between July 17 and August 3 2024. The breach was tied to a ransomware attack targeting both McLaren and the Karmanos Cancer Institute.
Although the breach was detected on August 5 2024, McLaren said it took until May 5 2025, to complete a forensic review identifying impacted individuals. Notification letters began going out last Friday.
“[It] is very concerning […] that the attack was discovered in August of 2024, but it seems the real victims, those whose data was stolen and potentially put up for sale, have not been informed until now,” said Erich Kron, security awareness advocate at KnowBe4.
“A delay in informing patients about their potential risk and exposure could end up costing those victims more than just frustration.”
What Personal Data was Accessed
According to a notice filed with the Maine Attorney General’s Office, the attackers accessed files containing sensitive personal and health-related information.
This includes:
“Healthcare is one of the top industries to be targeted by bad actors for not only ransomware but also data theft,” Kron added.
“The data these organizations collect and the information they have related to individuals is significant and very sensitive.”
McLaren has offered those affected 12 months of free credit monitoring and identity protection services.
In a statement to patients, McLaren described the event as resulting from a “cybersecurity attack by an international ransomware group.”
While McLaren did not name the attackers, Paul Bischoff, consumer privacy advocate at Comparitech, noted: “McLaren is the latest in a long list of targets hacked by Inc Ransomware.”
This marks the second major cybersecurity incident McLaren has experienced in two years. In July 2023, the ALPHV/BlackCat ransomware group breached its systems and later published sensitive data online. That breach affected 2.2 million people.
“Hospitals and clinics are attractive targets for ransomware gangs,” Bischoff added.
“They cannot go long without access to medical records and other data, and they hold a lot of sensitive information.”
Proactive Strategies for Ransomware Protection
To safeguard against ransomware attacks, healthcare organizations should adopt a proactive, multi-layered strategy. This includes implementing robust data backup and disaster recovery protocols to ensure quick restoration of critical patient information, with backups stored offline and/or offsite and regularly verified for integrity.
Additionally, providing ongoing cybersecurity training for all staff is essential to help them recognize phishing attempts, suspicious attachments and social engineering tactics commonly used to deliver ransomware.
Finally, deploying advanced endpoint protection and maintaining strict network segmentation, along with updated antivirus software, firewalls and intrusion detection systems, will help contain any potential spread of malware.
Image credit: JHVEPhoto / Shutterstock.com
