McLaren Health Care falls victim to criminal cyber attack

McLaren Health Care, a healthcare organization operating mainly in the Midwestern United States, fell victim to a criminal cyberattack. The incident was disclosed by the organization on August 7, 2024, and so far, there has been no confirmation of whether patient or employee data was compromised. 

Erich Kron, a security awareness advocate at cybersecurity company KnowBe4, stated, “Healthcare organizations are continually targeted by malicious actors due in part to the value of PHI records and the urgent nature of medical services. PHI contains enough information to commit identity theft, or be used for extortion. A lot of the information shared with medical professionals could be very sensitive for patients, and threat actors know this and are willing to exploit it.”

Upon discovering the cyberattack, the organization implemented downtime procedures and initiated the process of restoring operations. Most systems are functioning normally; however, some non-urgent appointments, treatments, and tests had to be rescheduled. Patients whose appointments have not been rescheduled are advised to bring necessary information such as current medications, physician orders, lab test results, or allergy lists.

Kron emphasizes, “For organizations that handle sensitive data like PHI, it’s crucial to ensure that the data is safeguarded with data loss prevention measures, reliable backups, and that employees are educated to identify and report phishing emails, the primary source of initial network breaches.”