CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?


Data Breaches

2.2 Million Impacted by Data Breach at McLaren Health Care

McLaren Health Care is informing roughly 2.2 million individuals of a data breach impacting their personal information.

Michigan healthcare delivery system McLaren Health Care has started notifying roughly 2.2 million individuals that their personal information was compromised in a data breach earlier this year.

In an incident notification letter, a copy of which was submitted to the Maine Attorney General’s Office, the organization told the impacted individuals that the data breach was identified on August 22, and plugged the next day.

“We immediately launched an investigation with the assistance of third-party forensic specialists to secure our network and to determine the nature and scope of the activity. Through the investigation, it was determined that there was unauthorized access to McLaren’s network between July 28, 2023, and August 23, 2023,” McLaren said.

According to the organization, the intruders were able “to acquire certain information” from its systems during the period of access, including files containing personal and medical information.

The threat actor stole names, dates of birth, Social Security numbers, health insurance information, and medical information, including diagnosis, medical record number, billing or claims information, Medicare/Medicaid information, and prescription/medication and treatment details.

McLaren Health Care said it has no evidence that the stolen information has been misused, but the data appears to be in the hands of cybercriminals who are willing to share it on the dark web.

Last month, the Alphv/BlackCat ransomware gang added McLaren Health Care to its leak website, claiming to have stolen “the confidential data of 2.5 million people” and threatening to auction it.

The group published screenshots depicting allegedly stolen files from the healthcare provider, claiming to have been in contact with an organization representative regarding the incident.

Advertisement. Scroll to continue reading.

McLaren told the Maine Attorney General’s Office that close to 2.2 million individuals were impacted, but it is unclear whether these are patients only or if employees and partners were affected as well.

McLaren Health Care is a fully integrated healthcare delivery system headquartered in Grand Blanc, Michigan, which includes 15 hospitals and employs 28,000 people.

Related: Personal Information Stolen in City of Philadelphia Email Hack

Related: Medical Company Fined $450,000 by New York AG Over Data Breach

Related: CISA, HHS Release Cybersecurity Healthcare Toolkit

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.