Criminal Cyber Attack on McLaren Health Care: Systems Disrupted
Cyber Attack Details
McLaren Health Care confirmed on Wednesday that a "criminal cyber attack" disrupted its computer and telephone systems. The issue first came to light on Monday. The health care provider's IT team, along with external cybersecurity experts, is currently analyzing the attack to mitigate its impact.
Impact on Services
Despite the attack, McLaren's facilities remain largely operational, with emergency departments and most surgeries and procedures continuing as planned. However, some non-emergency appointments, tests, and treatments are being rescheduled. Patients are advised to bring a list of current medications, printed physician orders for imaging studies, printed results of recent lab tests, and a list of allergies to their appointments.
Previous Incidents
This incident marks the second major disruption for McLaren since last fall, when a ransomware attack forced the health system to shut down its computer network. During that event, a cybercriminal gang known as BlackCat/AlphV claimed to have stolen sensitive personal health information of 2.5 million patients.
Official Statements and Apologies
McLaren's statement expressed gratitude towards frontline caregivers and staff for maintaining care delivery under the circumstances. They also apologized for any inconvenience caused by the attack. The organization is actively working with vendor partners and insurance providers to ensure the supply chain and insurance authorizations are unaffected.
Legal and Compliance
State Attorney General Dana Nessel's office reported no new data breach notifications from McLaren related to this incident. McLaren has yet to file a data breach report with the U.S. Dept. of Health and Human Services’ Office for Civil Rights.
McLaren operates 13 hospitals in Michigan, ensuring continuous care for its communities despite these challenges.
