743,000 patients had their data compromised in the McLaren Health Care breach


US nonprofit healthcare organization McLaren Health Care has notified nearly three quarters of a million people that their data may have been stolen.

Michigan-based McLaren Health Care runs a network of hospitals, clinics, and specialized care centers throughout the Midwest, offering hospital services, physician networks, health plans, and home-based care.

According to the nonprofit, in an attack last summer on Karmanos Cancer Institute – an independent organization that forms part of McLaren’s network – personal information including names, social security numbers, driver’s license numbers, medical information, and health insurance details was compromised.

McLaren said it discovered the breach on August 5th last year, and, with the help of third-party forensic specialists, launched an investigation to secure its network – but only completed its investigation in May this year.

“Through the investigation, it was determined that there was unauthorized access to the network between July 17, 2024, and August 3, 2024,” it said in a statement.

“Following the cybersecurity attack, updates were provided on the mclaren.org and karmanos.org pages and a call center was established to answer questions from McLaren’s patients and their communities.”

McLaren Health Care said the breach appeared to have been carried out by a ransomware group. The INC Ransom Ransomware as a Service (RaaS) gang has apparently claimed responsibility for the attack, warning that unless a ransom was paid the data would be published on its TOR dark web site.

McLaren is offering a year’s access to credit monitoring services to those affected, along with guidance on how to protect themselves against identity theft and fraud. It said it has also notified the relevant state and federal regulators, as well as three major credit reporting agencies.

Several law firms have already launched class action lawsuits against McLaren.

McLaren Health Care attack the second in two years

The attack is the second to hit McLaren in the last couple of years, with an attack in July 2023 targeting the organization itself. That breach was claimed by the ALPHV group, also known as BlackCat.

It’s just one in a series of increasingly common incidents affecting the healthcare sector, with a report from Proofpoint late last year finding that 92% of healthcare organizations had experienced at least one cyber attack in the past year.

The most frequent types of attack were cloud compromise, ransomware, supply chain attacks, and business email compromise (BEC), with supply chain attacks in particular reported by 68%.

Losses ranged from $10,000 to more than $25 million, with the average cost coming in at $4,740,000.

“It’s an important time to be revalidating incident playbooks, especially in critical infrastructure sectors,” said Gabrielle Hempel, security operations strategist at Exabeam.

“It’s also important at this point for organizations to assume early-stage compromises are already underway, and to be prioritizing identity hygiene, external surface recognition, and visibility into third-party risk.”
