Pierluigi Paganini
June 23, 2025
McLaren Health Care is notifying over 743,000 people of a data breach discovered on August 5, 2024. McLaren discovered suspicious activity on its and Karmanos Cancer Institute’s systems on August 5, 2024, revealing a data breach incident.
McLaren Health Care is a nonprofit health care organization based in Grand Blanc, Michigan, USA. It is a $6.6 billion, fully integrated health care delivery system committed to quality, evidence-based patient care and cost efficiency. The McLaren operates 14 hospitals in Michigan, ambulatory surgery centers, imaging centers, a 490-member employed primary and specialty care physician network, commercial and Medicaid HMOs covering more than 732,838 lives in Michigan and Indiana, home health, infusion and hospice providers, pharmacy services, a clinical laboratory network and a wholly owned medical malpractice insurance company.
Following the cyber attack, McLaren Health Care launched an investigation into the incident.
“On or about August 5, 2024, McLaren became aware of suspicious activity related to certain McLaren/Karmanos computer systems and they immediately activated their emergency response processes. Additionally, McLaren launched an investigation with the assistance of third-party forensic specialists to secure their network and to determine the nature and scope of the activity. Through the investigation, it was determined that there was unauthorized access to the network between July 17, 2024, and August 3, 2024.” reads the data breach notification letter shared with the Maine Attorney General’s Office. “As part of the investigation, McLaren undertook an extensive forensic review of the potentially impacted files to determine whether any sensitive information was present. It was through this process, which concluded on May 5, 2025, that McLaren determined that personal information and protected health information pertaining to individuals was contained within the files involved. The information that could have been involved includes name, Social Security number, driver’s license number, medical information, and health insurance information.”
The compromised information can include names, Social Security numbers, driver’s license numbers, health insurance details, and medical information.
McLaren notified the Maine AGO that 743,131 individuals were impacted by the security incident. The healthcare organization is providing impacted individuals with 12 months of free credit monitoring services, as well as with guidance on how to protect themselves against fraud and identity theft.
The company did not provide technical details about the attack or the threat actor responsible for the intrusion.
In November 2023, McLaren Health Care (McLaren) disclosed another data breach that occurred between late July and August 2023. The security breach exposed the sensitive personal information of 2,192,515 people. Immediately after the attack, Bleeping Computer noticed that employees at McLaren Bay Region Hospital in Bay City had shared a ransom note warning that the hospital had been hit by the INC RANSOM ransomware group.
Exposed information varied by individual and may include some combination of certain individuals’ names, social Security number, health insurance information, date of birth, and medical information. including billing or claims information, diagnosis, physician information, medical record number, Medicare/Medicaid information, prescription/medication information, diagnostic and treatment information.
At the time, McLaren announced that it had secured its network and was working to review its existing policies and procedures and to implement additional security measures to protect its infrastructure.
In early October 2023, the ALPHV/BlackCat ransomware gang added McLaren Health Care to the list of victims on its Tor leak site. The group claimed to have stolen data belonging to 2.5 million of McLaren Health Care patients.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, data breach)
