Original Article Text

McLaren Health Care says data breach impacted 2.2 million people

McLaren Health Care (McLaren) is notifying nearly 2.2 million people of a data breach that occurred between late July and August this year, exposing sensitive personal information.

McLaren is a non-profit healthcare system with an annual revenue of $6.6 billion. It encompasses an extensive network across Michigan that includes 14 hospitals with a total bed capacity of 2,624 and is supported by a team of 490 physicians. The organization has a substantial workforce of 28,000 full-time staff. Additionally, it maintains contractual relationships with 113,000 providers, extending its reach into Indiana.

McLaren published a statement on its website about the intrusion and also notified U.S. authorities. The organization also alerted impacted individuals of the incident.

Per the provided information, McLaren identified a security breach on August 22, 2023. Subsequent investigations, conducted with the assistance of external cybersecurity experts, revealed that the breach had compromised its systems since July 28, 2023. Evidence shows that on August 31 an unauthorized threat actor had accessed data and the following data types were confirmed to have been exposed by October 10:

The specific types of data exposed differ for each individual, depending on the information they shared with the organization and the services they received.

All impacted individuals will receive a notification, sent to the email address they provided to McLaren, with instructions on enrolling in identity protection services for 12 months.

McLaren says it currently holds no evidence that cybercriminals abused the exposed data but urges impacted individuals to be cautious with unsolicited communications and keep a close eye on their bank account activity.

Although the organization does not disclose many details about the cyberattack, it is worth mentioning that the ALPHV/BlackCat ransomware group took responsibility for an attack on McLaren's network on October 4. The threat actors published samples of the data they allegedly stole from McLaren and threatened to auction the entire data set, which they claim impacts 2.5 million people.

Daily Brief Summary

DATA BREACH // McLaren Health Care Data Breach Affects 2.2 Million Patients

McLaren Health Care announced a data breach affecting approximately 2.2 million individuals, with sensitive personal information compromised.

The breach occurred between late July and August 2023, with the organization becoming aware of the security issue on August 22, 2023.

An external cybersecurity team revealed that unauthorized access had been ongoing since July 28, with data exposure confirmed by October 10.

Types of data accessed vary among individuals but remain undisclosed; all affected parties will receive instructions for 12-month identity protection services.

McLaren has not found evidence of misuse of the data but warns those affected to monitor their financial accounts and be cautious with unsolicited communications.

The ALPHV/BlackCat ransomware group claimed responsibility for an attack on McLaren's network, threatening to auction the collected data, which they say concerns 2.5 million people.