McLaren Health Care is notifying nearly 2.2 million people of a data breach that occurred between late July and August this year, exposing sensitive personal information. McLaren is a non-profit healthcare system with an annual revenue of $6.6 billion. It encompasses an extensive network across Michigan that includes 14 hospitals with a total bed capacity of 2,624 and is supported by a team of 490 physicians. The organization boasts a substantial workforce, with a 28,000 full-time staff. It maintains contractual relationships with 113,000 providers, extending its reach into Indiana. McLaren published a statement on its website about the intrusion and also notified U.S. authorities. The organization also alerted impacted individuals of the incident. Per the provided information, McLaren identified a security breach on August 22, 2023. Subsequent investigations, conducted with the assistance of external cybersecurity experts, revealed that the breach had compromised its systems since July 28, 2023. The specific types of data exposed differ for each individual, depending on the information they shared with the organization and the services they received. McLaren says it currently holds no evidence that cybercriminals abused the exposed data but urges impacted individuals to be cautious with unsolicited communications and keep a close eye on their bank account activity. "While there is currently no evidence that your information has been misused, we recommend that you remain vigilant, monitor and review all of your financial and account statements and explanations of benefits, and report any unusual activity to the institution of record and to law enforcement." - McLaren. Although the organization does not disclose many details about the cyberattack, it is worth mentioning that the ALPHV/BlackCat ransomware group took responsibility for an attack on McLaren's network on October 4. The threat actors published samples of the data they allegedly stole from McLaren and threatened to auction the entire data set that they claim to impact 2.5 million people. Seiko says ransomware attack exposed sensitive customer data. MGM Resorts ransomware attack led to $100 million loss, data theft. Motel One discloses data breach following ransomware attack. TransForm says ransomware data breach affects 267,000 patients. BlackCat ransomware uses new 'Munchkin' Linux VM in stealthy attacks.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000