Michigan-based McLaren Health Care is the latest victim of a cyberattack that led to a massive data breach earlier this year. The fully integrated healthcare delivery system is worth $6.6 billion. The data breach exposed the personal and health information of nearly 2.2 million patients spanning 14 hospitals in Michigan, ambulatory surgery centers, imaging centers, a 490-member employed primary and specialty care physician network, and commercial and Medicaid HMOs.
The hackers gained access to patient information, including personal details, financial transactions, billing, and lab results. The breach has affected Medicare and Medicaid patient information. As per the latest statement posted on McLaren Health Care’s website, the hackers launched cyber attacks for ransom in July and August. The organization reported the data breach incident to Maine’s attorney general.
However, the incident was largely unknown to the general public until the BlackCat ransomware gang took responsibility by posting screenshots of the breached database on the dark web. According to Veeam’s 2023 Ransomware Trends Research, 85% of organizations suffered a ransomware attack in the last 12 months. According to another study, 86% of organizations said their cloud-hosted data was affected by ransomware, and 38% of cyberattacks targeted cloud-hosted workloads.
What are ransomware attacks?
Ransomware attacks exploit vulnerabilities and unsecured digital assets to steal data and lock out systems. The ransomware gangs extort their victims to pay up in exchange for unlocking the database or IT systems. However, paying the ransom doesn’t guarantee that the attackers won’t return. Some victim organizations report attacks from ransomware gangs within 6 months of the first attack. So, an organization is more likely to suffer a ransomware attack than to turn a profit this year.
What happened with McLaren Health Care?
On 22 August, the security team at McLaren Health Care grew suspicious of a cyber incident related to their computer systems. The company hired third-party digital forensic specialists to investigate the incident and identify the extent of the data breach.
According to the website statement:
“On or about August 22, 2023, we became aware of suspicious activity related to certain McLaren computer systems. We immediately launched an investigation with the assistance of third-party forensic specialists to secure our network and to determine the nature and scope of the activity. Through the investigation, it was determined that there was unauthorized access to McLaren’s network between July 28, 2023, and August 23, 2023. On August 31, 2023, we learned the unauthorized actor had the ability to acquire certain information stored on the network during the period of access. As part of our ongoing investigation, we undertook a thorough review of the potentially impacted files to determine whether any sensitive information was present. It was through this process, which concluded on October 10, 2023, that we determined that information pertaining to certain individuals may have been included in the potentially impacted files.
To honor our commitment to maintaining timely and transparent communication with our patients, our employees and the community, we are providing notice of this event on our website. McLaren is mailing notice letters to impacted individuals for whom we have valid mailing addresses. This letter will include resources that individuals can reference to further protect their information.”
Currently, McLaren Health Care is reviewing its existing policies and procedures to secure the information on its cloud and shared remote systems. Notice was also provided to federal law enforcement and the U.S. Department of Health and Human Services.
Healthcare service providers and modern cloud service providers continue to be targets for cyber breaches. These cyber risks threaten critical infrastructure, privacy, and national security. To stop such incidents from wreaking havoc on the industry, cybersecurity experts and analysts propose creating a unified foundation against global and regional cyber threats.