Ransomware attack threatens to expose McLaren Health patient data

/in


Michigan Attorney General Dana Nessel warned this week a cyberattack against McLaren Health Care could affect a large number of patients.

McLaren Health, a healthcare system with 15 Michigan hospitals, was hit by a ransomware attack in August, according to the attorney general’s office. Ransomware, a type of malware that can shut down an entire network, is used to steal data before encrypting the system. The stolen information is then held hostage until a ransom is paid.

“This attack shows, once again, how susceptible our information infrastructure may be,” Nessel said in a statement. “Organizations that handle our most personal data have a responsibility to implement safety measures that can withstand cyber-attacks and ensure that a patient’s private health information remains private.”

A cybercriminal group called ALPHV, or BlackCat, claimed responsibility for stealing the sensitive personal health information of 2.5 million McLaren patients, a news release said. But the actual number of affected patients and the type of health information remains unknown.

ALPHV claimed in a message posted to the dark web last week the McLaren data was on the dark web and would be released in a few days unless a ransom payment was received. The group is also linked to the data breach at MGM Resorts that is reportedly costing $100 million.

McLaren shared a statement saying, “we are investigating reports that some of our data may be available on the dark web and will notify individuals whose information was impacted, if any, as soon as possible.”

The healthcare group also said it found no evidence the cybercriminals still have access to the IT system. McLaren has brought in security experts and is working with law enforcement, a news release said.

“Protecting the security and privacy of data in our systems is a top organizational priority, so we immediately launched a comprehensive investigation to understand the source of the disruption and identify what, if any, data exposure occurred,” McLaren said.

Nessel encouraged McLaren patients to protect their data and know the warning signs when someone is using private medical information:

  • A doctor’s bill for services you did not…

Source…