McLaren Health Care Ransomware Attack: Top Updates

Date: 13 August 2024

Featured Image

McLaren Health Care hospitals reported a disruption to its Information Technology systems last Monday. While McLaren didn’t initially disclose the exact nature of the disruption, a ransom note from the INC Ransomware gang soon started doing the rounds. The note, allegedly, shared by employees of the McLaren Bay Region Hospital, warned that hospital data had been encrypted and would be published on the INC leak site if the ransom was not paid.

Unfortunately, for McLaren, this is the second major cyber attack in a span of a year. Last November, the health care network informed at least 2.2 million people that their data had been breached between July and August, 2023. The BlackCat Ransomware gang claimed responsibility for the attack. 

In this article, we present to you a quick summary of everything we know about the attack so far. All the information has been collated based on Media Reporting. Though we have endeavoured to ensure accuracy of each fact, Cyber Management Alliance takes no credit or responsibility for the information herein.  

Topics Covered Here: 

  1. Impact of the McLaren Ransomware Attack
  2. Actions Taken by McLaren Health Care
  3. Healthcare Under Attack: What should be done
  4. About McLaren Health Care Hospitals

New call-to-action

INC Ransomware Attack on McLaren Hospital: What We Know So Far 

Details on the exact amount and nature of information compromised in this attack is still not known. External cybersecurity experts are apparently analysing the impact of the latest incident. 

While McLaren said in its initial statement that its healthcare providers are ready to care for their patients, here’s what we know about the impact of the Ransomware Attack so far:  

  1. Lost Databases: As per several sources, McLaren lost its patient databases. It advised patients to carry their detailed health information to appointments including medical history and existing medication they are on. The loss of comprehensive information on patients’ medical history, the drugs they may be on and past treatments, is affecting the treatments they are able to safely receive now.

  2. Rescheduled Appointments: Several patients reported that their appointments had been rescheduled as result of the cyber attack at McLaren, including those for Cancer treatments. 

    82-year-old Reginald Tidball, a patient at McLaren Karmanos Cancer Center undergoing chemo and radiation for lung cancer said he’s survived cancer multiple times. However, he was disappointed this week as his appointment kept getting rescheduled. Several other similar stories have been coming to light since last week. 

    Cardiac tests have been postponed and radiation therapy appointments have supposedly been cancelled as a fallout of the ransomware attack. Many have apparently been told that without comprehensive documentation the doctors cannot deliver therapies, especially radiation therapies, safely. 

  3. Employee Woes: The attack is also apparently affecting employees’ paycheck. Once the disruptions were identified as a cybersecurity incident, employees were asked to shut off their systems. Staff were given the option to use their Paid Time Off to cover for the days without work or go on unpaid leave. Many said they feel like they’re being punished for something that’s not their fault.

 (Back to Top)

New call-to-action

Response by McLaren Health Care

In a statement sent to News 10, McLaren Health Care said: “McLaren Health Care can now confirm the disruption to our information technology and phone systems that was reported yesterday was the result of a criminal cyber attack." 

In terms of the Impact on Operations, McLaren said, "Our hospitals and outpatient clinics instituted downtime procedures to ensure care delivery within our facilities. Several information technology systems continue to operate in downtime procedures while we work to fully restore functionality to our system." 

McLaren said its emergency departments continue to be operational and most surgeries and procedures continue to be performed. It added, however, "During this time of limited access to our systems, and out of an abundance of caution, some non-emergent appointments, tests, and treatments are being rescheduled."

A week after the attack i.e on 13th August, the hospital system said all radiation therapy units at Karmanos Cancer Institute care facilities in Michigan are operational again. These facilities include Gamma Knife Radiosurgery in Farmington Hills McLaren Proton Therapy Center in Flint.  

(Back to Top)

New call-to-action

Healthcare Under Attack Again: Lessons Learnt

Not only is this attack the second one on McLaren, it’s also another major attack on a healthcare organisation in the last few months. In the recent past, Change Healthcare, Synnovis and NHS have made for chilling news stories. 

In the past year, over 725 data breaches were reported to the U.S. Department of Health and Human Services Office for Civil Rights. As per the HIPAA Journal, over 133 million records containing protected health data have been exposed.

A significant cybersecurity breach in May impacted all 140 Ascension hospitals across the U.S. This incident too caused disruptions such as postponed or cancelled appointments, ambulance diversions, and restricted electronic access to medical records. The breach even hindered doctors from issuing medical orders. 

Ransomware attacks and cybersecurity disruptions in the healthcare space compromise highly sensitive protected health information (PHI). More worrying is how the health and lives of patients hangs on the line when cyber criminals mess with health data, medical records, imaging and test results. 

This attack is yet another startling reminder of how urgently healthcare organisations the world over need to take their cybersecurity infrastructure and best practices to the next level.   

There is simply no survival without ransomware mitigation measures. Ransomware response and cyber incident response planning has to be more robust than ever to ensure minimal downtime and disruptions. 

Rehearsing for the worst with Cyber Attack Tabletop Exercises is more critical than ever. The staff and key responders need practice for what they’ll do when the organisation or hospital is under attack and all databases become unavailable. It’s imperative to be fully prepared in a vicious threat landscape where attacks of this nature are almost inevitable.    

(Back to Top)

New call-to-action

About McLaren Health Care Hospitals 

  • McLaren Health Care Corporation is headquartered In Michigan and runs 13 hospitals. 
  • McLaren has an annual revenue of more than $6.5 billion. 
  • The hospital network has 28,000+ employees, 640 physicians and works with 
  • 113,000 network providers throughout Michigan, Indiana, and Ohio. 
  • McLaren also offers insurance plans in Michigan and Indiana. About 730,000 people are enrolled in these plans. 
  • The Health Care network also provides hospice care and pharmacy services, in addition to running clinical laboratories. 

(Back to Top)