Pierluigi Paganini
November 10, 2023
McLaren Health Care (McLaren) disclosed a data breach that occurred between late July and August. The security breach exposed the sensitive personal information of 2,192,515 people.
McLaren Health Care is a nonprofit health care organization based in Grand Blanc, Michigan, USA. It is a $6.6 billion, fully integrated health care delivery system committed to quality, evidence-based patient care and cost efficiency. The McLaren operates 14 hospitals in Michigan, ambulatory surgery centers, imaging centers, a 490-member employed primary and specialty care physician network, commercial and Medicaid HMOs covering more than 732,838 lives in Michigan and Indiana, home health, infusion and hospice providers, pharmacy services, a clinical laboratory network and a wholly owned medical malpractice insurance company.
The company became aware of anomalous activity on or about August 22, 2023, and immediately launched an investigation with the help of third-party forensic experts. The investigation revealed that threat actors gained unauthorized access to McLaren’s network between July 28, 2023, and August 23, 2023.
“On August 31, 2023, McLaren learned the unauthorized actor had the ability to acquire certain information stored on the network during the period of access. As part of an ongoing investigation, McLaren undertook a thorough review of the potentially impacted files to determine whether any sensitive information was present. It was through this process, which concluded on October 10, 2023, that McLaren determined that information pertaining to certain individuals may have been included in the potentially impacted files.” reads the notice of data breach sent to the Maine Attorney General.
Exposed information varied by individual and may include some combination of certain individuals’ names, social Security number, health insurance information, date of birth, and medical information. including billing or claims information, diagnosis, physician information, medical record number, Medicare/Medicaid information, prescription/medication information, diagnostic and treatment information.
McLaren announced to have secured its network and is working to review its existing policies and procedures and to implement additional security measure to protect its infrastructure.
The company also notified U.S. authorities and the impacted individuals. McLaren offers to impacted individuals an identity protection services for 12 months.
The company recommends impacted individuals to remain vigilant and monitor their bank account activity.
“While there is currently no evidence that your information has been misused, we recommend that you remain vigilant, monitor and review all of your financial and account statements and explanations of benefits, and report any unusual activity to the institution of record and to law enforcement.” continues the notice. “In addition, we are offering identity theft protection services through IDX, a data breach and recovery services expert. IDX identity protection services offered by McLaren include: <<12 months/24 months>> of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.”
In early October, 2023, the ALPHV/BlackCat ransomware gang added McLaren Health Care to the list of victims on its Tor leak site. The group claimed to have stolen data belonging to 2.5 million of McLaren Health Care patients.
The ransomware group accused the organization of having attempted to cover up the security breach. The ransomware gang also added that they have still access to the network of the organization.
“It would have been more interesting if a Mclaren representative had talked in an interview about how they asked not to publish the stolen data and skillfully wanted to cover up the fact that their network had been hacked. Mclaren were preparing a way out and ended up devaluing the sensitive data of 2.5 million of their patients. Protecting the privacy and interests of your customers is nothing more than lip service.
Maclaren Your security is at an all-time low, and we’ve proven it to you. Our backdoor is still running on your network, you decided to play with us, we have a great sense of humor too, and we know how to have fun.” See you again……..” reads the message published by the ALPHV gang on its leak site.
The Alphv ransomware group has been very active in this period, recently it claimed to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles, and the hotel chain Motel One.
The cyber security researcher Dominic Alvieri reported that ALPHV BlackCat Ransomware has breached 15 more US hospitals & 2 HMOs.
BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA, the US defense contractor NJVC, gas pipeline Creos Luxembourg S.A., the fashion giant Moncler, the Swissport, NCR, and Western Digital.
The ransom demands of the group range from a few tens of thousands of dollars up to tens of millions of dollars.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, McLaren Health Care)
