McLaren Health Care have confirmed that the outage reported earlier this week was caused by a cyber attack. The attack has impacted all 13 of the facilities operated by the healthcare system and delayed treatments.
This marks the second cyber attack faced by McLaren in the past year. The extent of the damage caused by this latest cyber attack is not currently known. The previous attack on McLaren led to a data breach that impacted over 2.2 million patients and exposed sensitive health information.
The McLaren IT team is currently working with external cyber security experts to analyze and mitigate the impact of the cyberattack. They are currently unable to confirm if any patient data has been compromised.
Appointments, Tests and Treatments Impacted
Upon discovering the cyber attack, all McLaren facilities instituted ‘downtime procedures’ to cause minimal impact to continuity of care.
They state that facilities are mostly operational, particularly the emergency department. Most surgeries and procedures will be continued however some ‘non emergent appointments, tests, and treatments’ will be canceled and rescheduled as a result.
McLaren is working to restore full operations and minimize inconvenience to patients. Patients with scheduled procedures are advised to keep an eye out for contact from the McLaren team and the healthcare provider directly for updates.
What to do if you have an appointment with McLaren Health Care?
Unless you have been contacted by a member of McLaren Health Care patients with scheduled appointments should plan to attend as normal.
However, the McLaren team have requested that all patients bring in additional documentation to the appointment if possible, including:
- A list of current medications or prescription bottles
- Printed physician orders for imaging studies or treatments
- Printed results of recent lab tests available in the patient portals
- A list of allergies
Who was behind the McLaren Health Care Cyber Attack?
McLaren Health have not yet issued a statement on the nature of the attack or who was behind it. However, employees from the McLaren Bay Region Hospital have shared alleged ransom note warnings on social media claiming the attack was carried out by INC RANSOM, a ransomware gang.
The alleged ransom note states that the hospital's systems have been encrypted to be published on the gang's leak site if McLaren Health does not pay a ransom.
The note goes on to explain that the cyber gang are not ‘politically motivated’ and simply want money. It also threatens that if the ransom is not paid they will attack again and warns against involving the police or FBI.
Who are the INC Ransom gang?
INC Ransom is a relatively new ransomware group that emerged in August 2023. They employ a double extortion tactic, meaning they not only encrypt victims' data but also threaten to leak it publicly if a ransom isn't paid.
The victims of INC Ransom so far have been mostly private sector businesses with almost all victims originating from the United States or Europe.
The group typically publishes a ‘proof pack’ consisting of photos of the private data they have stolen to motivate victims to pay quickly, however this has not yet been reported for McLaren Health Care.
What is McLaren Health Care?
McLaren Health Care is a non profit healthcare system based in Michigan. It is most well known for operating Michigan's largest network of cancer centers, including the famous Karmanos Cancer Institute which is one of only 56 nationally recognized comprehensive cancer centers in the U.S.
With 13 hospitals as well as ambulatory care centers, and a large physician network, McLaren provides a comprehensive range of healthcare services across the state of Michigan.
