As first reported by The Record from Recorded Future News, McLaren Health Care, a major healthcare provider in Michigan, has confirmed a ransomware attack that compromised the personal data of 743,131 individuals. According to regulatory filings submitted on Friday, the breach occurred in August 2024, with initial access traced back to July 17, although suspicious activity wasn’t detected until August 5. The attackers, identified only as an “international ransomware group,” also infiltrated systems at the Karmanos Cancer Institute.
Source: mclaren.org.
The stolen data included Social Security numbers, health insurance details, medical records, driver’s license numbers, and patient names. In response, McLaren is offering affected individuals one year of complimentary credit monitoring. The breach forced the healthcare system to implement downtime procedures, leading to surgery cancellations, rescheduled appointments, and delayed treatments across several of its 13 hospitals and affiliated care facilities.
At the time of the incident, McLaren did not publicly confirm it was a ransomware attack, though a printed ransom note allegedly from the INC ransomware gang was later circulated on social media. This breach marks the second major cyberattack on McLaren in less than a year; in a separate 2023 attack, the now-defunct AlphV ransomware gang compromised the data of 2.1 million individuals.
The growing frequency and scale of these incidents highlight the urgent cybersecurity challenges facing large healthcare systems. With extensive networks of hospitals, cancer centers, and labs, providers like McLaren remain prime targets for ransomware groups seeking access to sensitive data and disruption leverage.
The breach highlights the persistent threat ransomware poses to healthcare infrastructure and patient privacy. As attacks become more sophisticated and frequent, healthcare organizations must strengthen cybersecurity defenses, improve early detection, and prepare robust incident response plans to protect critical systems and the patients who rely on them.
