Michigan-based McLaren Health Care began informing 743,131 individuals about the compromise of some of their protected health information (PHI) during a ransomware attack in August 2024.
McLaren Health Care had earlier reported the ransomware attack, but the analysis of the compromised files took a longer time; therefore, the delay in sending personal breach notification letters. The letters state that McLaren Health Care detected the unauthorized access to its computer network on or about August 5, 2024. Third-party cybersecurity specialists helped McLaren Health Care confirm the unauthorized access, which affected the systems that McLaren Health Care and its Karmanos cancer facilities used from July 17, 2024 to August 3, 2024.
On May 5, 2025, the extensive forensic analysis of the impacted files was completed. It was confirmed that the compromised files contained personal data and PHI. The breached data included names, driver’s license numbers, Social Security numbers, medical data, and medical insurance data. In compliance with the HIPAA Breach Notification Law, McLaren Health Care mailed individual notification letters on or about June 20, 2025, and offered free credit monitoring and identity theft protection services for one year.
There is no statement in the notification letters that attributes the incident to a ransomware attack. It did not say that Inc. Ransom ransomware group was the attacker, as previously associated with the attack. McLaren Health Care is not listed on the Inc Ransom data leak site, which might indicate the payment of the ransom demand, though McLaren Health Care does not confirm this.
This was McLaren Health Care’s second ransomware attack this year. The first attack was carried out by the ALPHV/BlackCat ransomware group and resulted in the theft of PHI of 2,103,881 individuals.