US healthcare giant McLaren says data on 2.2 million patients stolen during ransomware attack

BlackCat hid in McLaren’s network for weeks

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

US healthcare giant McLaren has confirmed it suffered aransomwareattack in which sensitive data on more than two million patients stolen.

The company filed a data breach notice with the Maine attorney general in which it explained that the hackers, identified as BlackCat, breached McLaren’s systems in late July 2023. The threat actor operated on the company’s endpoints for three weeks, before being spotted in late August.

During their time in McLaren, the hackers stole sensitive data belonging to 2.2 million patients, including full names, birth dates, Social Security Numbers, medical information, billing claims, diagnosis data, prescription and medication details, and more. They also stole Medicare and Medicaid information, as well, withTechCrunchable to view screenshots of some of the stolen data and apparently, the hackers also had access to the company’spassword manager, internal financial statements, employee information, and more.

Reader Offer: $50 Amazon gift card with demoPerimeter 81’s Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?)

Millions of victims

Soon after the incident, BlackCat took responsibility for the attack, and subsequently even said it was negotiating with McLaren’s representatives on future steps. There was no evidence to confirm these claims, though, and McLaren did not wish to discuss anything beyond its public statement.

McLaren operates 13 hospitals across the State of Michigan and employs roughly 28,000 people. TechCrunch reports that the company made more than $6 billion in revenue last year, alone. At the moment, it’s facing three class action lawsuits related to the cyberattack.

Ransomware is currently one of the biggest threats to organizations of all shapes and sizes, operating in all industries. While some groups refrain from targeting hospitals, critical infrastructure operators, and government agencies (for pragmatic reasons - not to poke the government bear) others indiscriminately target whoever they can, in pursuit of large profits.

BlackCat is currently one of the most active and disruptive ransomware operators out there, next to the likes of LockBit and Cl0p.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet