McLaren Health Care Hit By Ransomware Attack Again

An article from

Dive Brief:

• McLaren Health Care confirmed it was hit by ransomware on Friday after reporting a cyberattack earlier this month.
• IT disruptions due to the attack are expected to continue through the end of August, the Grand Blanc, Michigan-based health system said. Though the incident is contained, access to some of McLaren’s systems remains limited. 
• The health system was also hit by a ransomware attack last year. Ransomware, which denies users access to their data until a ransom is paid, has become a growing threat to the healthcare sector. 

Dive Insight:

The incident comes about a year after another ransomware attack on McLaren. A cybercriminal group called AlphV or Blackcat, which was also linked to the Change Healthcare outage early this year, claimed responsibility for the previous attack. 

“Our experience has made clear that cyberattacks against our health care infrastructure are an industrywide problem, and it’s not hyperbole to call health care cybercrime a national security threat,” Phil Incarnati, McLaren president and CEO, said in a statement Friday.

McLaren first reported phone and IT system problems in early August, and later confirmed the disruption was caused by a cyberattack.

The health system said the attack has affected IT systems across its 13 hospitals, cancer treatment centers, surgery centers and clinics. 

McLaren previously reported some locations were diverting ambulances to nearby facilities for certain conditions, the health system said in an Aug. 12 update. Primary and specialty care clinics were largely operational and available for appointments, but some still struggled with phone disruptions. 

On Friday, the health system said clinical services are operational, and patients should use services normally. Emergency departments are open, and postponed elective surgeries have been or are currently being rescheduled. 

Patients should still show up for appointments, unless they’re contacted by McLaren staff, the health system said. Still, the provider is asking patients to bring a list of medications or empty prescription bottles, printed orders for imaging studies or treatments, results of recent lab tests and a list of allergies. 

The incident at McLaren is one of a growing number of ransomware attacks on the U.S. healthcare sector, which has seen cases nearly doubled from 2022 to 2023, according to the Cyber Threat Intelligence Integration Center. 

The healthcare industry has already faced high-profile ransomware attacks this year at nonprofit health system Ascension and UnitedHealth-owned technology firm and payment processor Change Healthcare.

The ransom paid after the attack on Change — which disrupted payments to providers and other daily healthcare work — may have spurred even more criminals to target the sector, according to cybersecurity firm Recorded Future. 

Hospitals are already vulnerable targets for attackers, since they may be motivated to accede to demands if it means bringing their systems back online, experts say. IT outages can have serious implications for healthcare delivery, delaying care, increasing patient safety concerns and adding to nearby hospitals’ caseloads.