McLaren Health Care reports new data breach affecting over 743,000 people
Farah Amod
July 02, 2025

Michigan-based McLaren Health Care has confirmed another large-scale data breach less than two years after a major ransomware incident.
What happened
McLaren Health Care has disclosed a new data breach that exposed the personal and healthcare information of approximately 743,000 individuals. In a notification submitted to the Office of the Maine Attorney General, the healthcare provider said it became aware of suspicious activity in August 2024 involving its own systems and those of Karmanos, its affiliated cancer institute.
The investigation revealed that unauthorized access occurred between July 17 and August 3, 2024. The files accessed during the breach included a wide range of sensitive data, such as names, Social Security numbers, driver’s license numbers, health insurance details, and medical information.
Going deeper
The attack is the second major incident to affect McLaren in recent years. In 2023, the organization suffered a prolonged ransomware attack attributed to the ALPHV (BlackCat) gang, which ultimately exposed the data of more than 2 million individuals. During that attack, threat actors gained access to health records, diagnosis details, insurance claims, and other protected health information (PHI).
Although McLaren has not disclosed the specific method used in the 2024 breach, ransomware groups have previously targeted the organization, and the current incident appears to follow a similar pattern of unauthorized access over a sustained period.
Healthcare data is a prime target for cybercriminals due to its value on dark web forums, where it can be resold for use in fraud, identity theft, or insurance scams. Medical identity theft, in particular, allows attackers to file fraudulent claims using stolen patient information.
What was said
McLaren’s breach notification described the access as unauthorized but did not confirm whether ransomware was involved in this case. The healthcare provider has since engaged third-party specialists to investigate and assist with mitigation efforts. Individual notifications are being sent to affected patients.
The company operates more than 3,100 licensed beds and manages health plans for over 732,000 people. In 2024, McLaren reported $6.6 billion in net revenue.
FAQs
What is medical identity theft, and why is it a concern?
Medical identity theft occurs when someone uses stolen healthcare data to submit false insurance claims or access medical services fraudulently. It can result in inaccurate medical records and unpaid bills for victims.
How do cybercriminals typically sell or use stolen healthcare data?
Stolen data is often listed on dark web marketplaces and sold in bulk to fraud networks. It can be used to create fake identities, file false tax returns, or craft targeted phishing campaigns.
How can individuals find out if they were affected by the McLaren breach?
McLaren is issuing individual notifications to impacted people. Those concerned can also contact McLaren directly or monitor notices filed with state attorneys general.
What steps can healthcare providers take after repeated breaches?
Healthcare organizations often review and upgrade cybersecurity controls, implement endpoint monitoring, conduct third-party audits, and provide breach response training for staff.
Are healthcare organizations legally required to report breaches like this?
Yes. Under HIPAA, covered entities must notify affected individuals, the U.S. Department of Health and Human Services, and in some cases, the media if a breach affects more than 500 people.