Michigan healthcare delivery system McLaren Health Care has started notifying roughly 2.2 million individuals that their personal information was compromised in a data breach earlier this year.
In an incident notification letter, a copy of which was submitted to the Maine Attorney General’s Office, the organization told the impacted individuals that the data breach was identified on August 22, and plugged the next day.
“We immediately launched an investigation with the assistance of third-party forensic specialists to secure our network and to determine the nature and scope of the activity. Through the investigation, it was determined that there was unauthorized access to McLaren’s network between July 28, 2023, and August 23, 2023,” McLaren said.
According to the organization, the intruders were able “to acquire certain information” from its systems during the period of access, including files containing personal and medical information.
The threat actor stole names, dates of birth, Social Security numbers, health insurance information, and medical information, including diagnosis, medical record number, billing or claims information, Medicare/Medicaid information, and prescription/medication and treatment details.
McLaren Health Care said it has no evidence that the stolen information has been misused, but the data appears to be in the hands of cybercriminals who are willing to share it on the dark web.
Last month, the Alphv/BlackCat ransomware gang added McLaren Health Care to its leak website, claiming to have stolen “the confidential data of 2.5 million people” and threatening to auction it.
The group published screenshots depicting allegedly stolen files from the healthcare provider, claiming to have been in contact with an organization representative regarding the incident.
McLaren told the Maine Attorney General’s Office that close to 2.2 million individuals were impacted, but it is unclear whether these are patients only or if employees and partners were affected as well.
McLaren Health Care is a fully integrated healthcare delivery system headquartered in Grand Blanc, Michigan, which includes 15 hospitals and employs 28,000 people.
Related: Personal Information Stolen in City of Philadelphia Email Hack
Related: Medical Company Fined $450,000 by New York AG Over Data Breach
