McLaren Health Care Data Breach of 2024: Over 743,000 Individuals Affected
TL;DR
A significant data breach at McLaren Health Care in 2024 exposed the personal information of over 743,000 individuals. The incident, discovered on August 5, 2024, involved unauthorized access to the network between July 17 and August 3, 2024. The compromised data included names, Social Security numbers, driver’s license numbers, health insurance details, and medical information. McLaren has offered affected individuals 12 months of free credit monitoring services and guidance on protecting against fraud and identity theft.
McLaren Health Care Data Breach of 2024: Over 743,000 Individuals Affected
On August 5, 2024, McLaren Health Care detected suspicious activity on its systems, leading to the discovery of a data breach that compromised the personal information of over 743,000 individuals. The incident involved unauthorized access to the network between July 17 and August 3, 2024, affecting both McLaren Health Care and its affiliate, Karmanos Cancer Institute.
About McLaren Health Care
McLaren Health Care is a prominent nonprofit healthcare organization based in Grand Blanc, Michigan. With a $6.6 billion integrated healthcare delivery system, McLaren operates 14 hospitals in Michigan, along with various ambulatory surgery centers, imaging centers, and a network of over 490 employed primary and specialty care physicians. The organization also manages commercial and Medicaid HMOs, home health services, infusion and hospice providers, pharmacy services, a clinical laboratory network, and a medical malpractice insurance company.
Details of the Data Breach
Following the detection of the cyber attack, McLaren Health Care initiated an investigation with the assistance of third-party forensic specialists. The investigation revealed that the unauthorized access potentially exposed sensitive information, including:
- Names
- Social Security numbers
- Driver’s license numbers
- Health insurance details
- Medical information
The data breach notification letter shared with the Maine Attorney General’s Office stated:
“On or about August 5, 2024, McLaren became aware of suspicious activity related to certain McLaren/Karmanos computer systems and they immediately activated their emergency response processes. […] Through the investigation, it was determined that there was unauthorized access to the network between July 17, 2024, and August 3, 2024. […] The information that could have been involved includes name, Social Security number, driver’s license number, medical information, and health insurance information.”
Impact and Response
McLaren Health Care reported that 743,131 individuals were affected by the security incident. In response, the organization is providing impacted individuals with 12 months of free credit monitoring services and guidance on protecting against fraud and identity theft.
Previous Security Incidents
This is not the first time McLaren Health Care has faced a significant data breach. In November 2023, the organization disclosed another data breach that occurred between late July and August 2023, affecting 2,192,515 individuals. That incident was linked to the INC RANSOM ransomware group. In early October 2023, the ALPHV/BlackCat ransomware gang claimed to have stolen data belonging to 2.5 million McLaren Health Care patients, adding the organization to its list of victims on its Tor leak site.
Conclusion
The data breach at McLaren Health Care highlights the ongoing challenges in cybersecurity, particularly in the healthcare sector. As organizations continue to face evolving threats, it is crucial to implement robust security measures and remain vigilant against potential attacks. For more details, visit the full article: source.
Additional Resources
For further insights, check: