McLaren confirms it was hit with ransomware; disruptions to last until September
On Aug. 7, McLaren Health Care—a 13-hospital system in Michigan—announced it had been hit with a cyberattack, forcing it to postpone some non-emergency care services. Now, McLaren has confirmed the incident was a ransomware attack.
In an update posted on Aug. 16, McLaren said the ransomware attack is still affecting systems at its 113 hospitals, surgery centers, oncology centers, and other health clinics. Further, the health system said it expects disruptions to continue for the remainder of the month, adding that “cyber forensic investigations are ongoing.”
It is still not clear what information hackers were able to access. McLaren is currently investigating if any HIPAA-protected health information was taken.
As of time of reporting, no cybercrime groups have taken credit for the attack and no data from McLaren appears to be posted for sale on the dark web.
All patients seeking services at any McLaren facility are asked to bring any medical records they have with them to appointments, including prescription data and lab tests, as the health system has limited access to electronic health records.
This attack marked the second for McLaren in less than a year. Last October, the health system was hit by ransomware, with hacker group Black Cat claiming credit. Medical records from 2.2 million patients were exposed in the breach.
Lawsuits from last year, filed by patients, are still pending.
Chad is an award-winning writer and editor with over 15 years of experience working in media. He has a decade-long professional background in healthcare, working as a writer and in public relations.