The hospital system confirmed the attack caused an IT and phone system outage.
What happened
McLaren Health Care, a health network operating 13 hospitals in Michigan, Indiana, and Ohio, recently suffered a data breach. The organization also operates ambulatory surgery centers, imaging centers, and more than 350 facilities.
On August 7th, the network confirmed that a recent disruption, which resulted in some appointments, tests, and treatments being delayed, was the result of a cyberattack.
McLaren continues to investigate the incident, but the majority of appointments are proceeding as normal. Patients are asked to bring a list of medications they use, printed physician orders, lab test results, and a list of allergies to appointments.
Going deeper
According to a report from the Detroit Free Press, the incident marks the second cyberattack against McLaren Health Care in a year. The last breach, which was reported to the Michigan Attorney General, took place in October of 2023. In this incident, ransomware group ALPHV (also known as BlackCat) claimed responsibility after stealing protected health information (PHI) from 2.5 million McLaren patients.
The most recent attack began on August 5th and initially led to downed and diverted operations; some ambulances were diverted and some appointments were canceled.
McLaren is continuing to work with experts to investigate the incident and mitigate the impact. They have not revealed if the attack has any connection to last year's incident.
What was said
In McLaren’s notice, the organization stressed that their facilities are “largely operational and able to care for our communities and will continue to do so until operations are fully restored.” Upon becoming aware of the attack, McLaren said they immediately began implementing their downtime procedures. “Several information technology systems continue to operate in downtime procedures while we work to fully restore functionality in our system,” the organization said.
The team further apologized for the inconvenience, saying they are “incredibly grateful and humbled by the response of our team members and medical staff who have pulled together under the difficult circumstances to provide our communities with the care they need… To the communities we are honored to serve, we deeply and sincerely apologize for any inconvenience the attack by these malicious threat actors has caused.”
The big picture
While attacks continue to rise, the McLaren incident is a reminder of how important downtime procedures are. In healthcare especially, hospitals must be able to continue caring for patients despite disruptions whenever possible.
Often, hospitals are targeted by cybercriminals because of the sensitive data and risk to patient well-being. By preparing for an attack before it occurs, organizations are less likely to feel forced to pay a ransom or take other measures to end an attack.
Related: HIPAA Compliant Email: The Definitive Guide.
Abby Grifno
