Grand Blanc, Mich.-based McLaren Health Care reported a cyberattack last year exposed 743,131 patients’ data, according to The HIPAA Journal.
Four things to know:
- McLaren and the Detroit-based Karmanos Cancer Institute identified suspicious activity around Aug. 5, 2024 and began investigating. The “suspicious activity” was an international ransomware group attacking the organization.
- The health system immediately triggered an emergency response plan and engaged a third party forensic specialist to secure the network and investigate the incident. Their investigation concluded on May 5, 2025.
- The ransomware group had access to McLaren’s network from July 17-Aug. 3, 2024, including patient data such as Social Security numbers, health insurance information, birth dates, diagnoses and more.
- In 2023, the ALPHV / BlackCat ransomware group separately attacked McLaren and branched more than 2 million patients’ information.
