McLaren Health Care is warning 743,000 patients that the health system suffered a data breach caused by a July 2024 attack by the INC ransomware gang.
Although the attack was discovered on August 5, 2024, forensic investigations determining who was impacted were only completed on May 5, 2025, with the notice circulation starting last Friday.
McLaren is a nonprofit health system in the U.S. with $6.6 billion in annual revenue, operating a network that spans 14 Michigan hospitals (2,624 beds). It employs 490 physicians and 28,000 full-time staff while contracting with another 113,000 providers across Michigan and into Indiana.
In early August 2024, the healthcare organization suffered an IT and phone systems outage that prompted investigations. Patient databases were reported impacted, and people were asked to bring information about appointments and medication when visiting McLaren hospitals.
Even though the organization did not specify who the attackers were, an employee at one of McLaren’s hospitals in Bay City, Michigan, posted INC ransom notes online that were automatically printed on the hospital’s printers.
In the notice sent to impacted individuals, McLaren Health Care admits that the incident concerned a ransomware attack, though INC is still not mentioned.
“Our organization was the target of a cybersecurity attack by an international ransomware group that impacted the McLaren Health Care and Karmanos Cancer Institute computer network,” reads the notice.
The investigation determined that the attackers maintained access to McLaren’s and Karmanos’ systems between July 17, 2024, and August 3, 2024.
The McLaren data breach notification sample submitted to U.S. authorities confirms that full names were exposed, redacting other data types that were exposed. Therefore, the full extent of the data breach remains unclear.
This is the second major breach McLaren Health Care has suffered in recent years, with the previous one occurring in July 2023, attributed to the ALPHV/BlackCat ransomware group.
In that older case, the cybercriminals stole sensitive medical data, personally identifiable information, and SSNs of 2.2 million people.
Samples of that data were leaked online in October 2023 as part of the extortion process, pressing McLaren to pay an undisclosed ransom amount.
Patching used to mean complex scripts, long hours, and endless fire drills. Not anymore.
In this new guide, Tines breaks down how modern IT orgs are leveling up with automation. Patch faster, reduce overhead, and focus on strategic work — no complex scripts required.
