McLaren Health Care breach exposes medical data of 2.3M+ individuals


McLaren Health Care, a healthcare provider in Michigan, USA, has suffered a ransomware attack with perpetrators getting their hands on sensitive data such as medical records.

The attackers breached the healthcare provider in late July and roamed its systems for nearly a month, McLaren Health Care said in a breach notification letter to affected individuals.

In late September, the notorious ALPHV ransomware gang, also known as BlackCat, posted McLaren Health Care on its dark web blog, used to showcase the gang’s latest victims. Publishing the victims’ data often indicates that the organization refused to pay the ransom.

What McLaren Health Care data was exposed?

According to information that McLaren Health Care submitted to Maine's Attorney General, nearly 2.2 million individuals had their data exposed.

Moreover, according to the breach notification letter, attackers accessed a trove of sensitive medical data.

While the healthcare provider notes that not every impacted individual had the same level of exposure, it states that attackers may have accessed:

  • Names
  • Social Security numbers
  • Health insurance information
  • Dates of birth
  • Claims information
  • Diagnosis
  • Physician information
  • Medical record numbers
  • Medicare/Medicaid information
  • Prescription and medication data
  • Diagnostic and treatment data

Individual healthcare data can be sold for hundreds of dollars on dark web forums. For example, malicious actors can use medical details for medical identity theft, a type of fraud where threat actors use stolen information to submit forged claims to Medicare and other health insurers.

Meanwhile, other personally identifiable information (PII) may be used to commit fraud, from identity theft and phishing attacks to opening new credit accounts, making unauthorized purchases, or obtaining loans under false pretenses.

The healthcare provider advised attack victims to monitor and review financial and account statements and report any unusual activity. The affected individuals have also been offered identity protection services and an identity theft security policy.

McLaren Health Care operates 3,412 licensed beds, employs nearly 17,000 staff, and covers over 730,000 people across its health maintenance organization plans. The company enjoyed a revenue of $6.4 billion in 2022.

Who is ALPHV/BlackCat ransomware?

ALPHV/BlackCat ransomware was first observed in 2021. Like many others in the criminal underworld, the group operates a ransomware-as-a-service (RaaS) business, selling malware subscriptions to criminals.

According to an analysis by Microsoft, threat actors that began deploying it were known to work with other prominent ransomware families such as Conti, LockBit, and REvil.

The FBI believes that money launderers for the ALPHV/BlackCat cartel are linked to the Darkside and Blackmatter ransomware cartels, indicating that the group has a well-established network of operatives in the RaaS business.

The gang gained international attention earlier this year after it, together with Scattered Spider hackers, attacked MGM Resorts International and Caesars Entertainment.

According to Ransomlooker, Cybernews’ ransomware monitoring tool, ALPHV was among the most active gangs in the last 12 months, victimizing 317 organizations worldwide.
