McLaren data breach may have exposed data of 2.5 million patients

McLaren data breach overview: 

• Who: Michigan-based non-profit healthcare company McLaren Health Care confirmed that it suffered a data breach earlier this year. 
• Why: McLaren said the data breach may have exposed the personal information of nearly 2.2 million individuals. 
• Where: McLaren operates 13 hospitals located across the state of Michigan. 

Michigan-based non-profit healthcare company McLaren Health Care has confirmed that nearly 2.2 million individuals may have had their sensitive personal information exposed during a data breach that occurred earlier this year. 

McLaren, in a data breach notice filed with Maine’s attorney general, said the incident occurred from July 28 to August 23 and was ultimately uncovered by the company on Oct. 10, following a review. 

Private information that may have been exposed in the data breach includes some combination of full names, Social Security numbers, health insurance information, birthdates, medical record numbers, and medical billing information, among other things. 

McLaren said that, upon discovering the data breach, it “moved quickly” to both investigate and respond to the incident and that it has notified federal law enforcement about it. 

“McLaren is also working to implement additional safeguards and training to its employees,” the company said. 

McLaren urges consumers to be vigilant, offers one year of free identity theft protection in wake of data breach

McLaren also informed affected consumers that it would be providing a year of free access to credit monitoring services through IDX and said it will be offering guidance on “how to better protect against identity theft and fraud.” 

In a sample notification letter to potentially affected consumers, McLaren said that, while there is “currently no evidence” any of their information has been misused, they should “remain vigilant” and monitor and review their financial and account statements. 

McLaren has also encouraged those potentially impacted by the data breach to reach out to the Federal Trade Commission, their state attorney general, or law enforcement to report an attempt or actual identity theft and fraud. 

“Again, at this time, there is no evidence that your information has been misused. However, we encourage you to take full advantage of this service offering,” McLaren said, in its sample letter. 

While McLaren did not address who may have been behind the incident, a ransomware group called ALPHV/BlackCat took responsibility for an attack on the health care company’s network on Oct. 4, reports Bleeping Computer. 

The group at that time reportedly threatened to auction off data it allegedly stole from McLaren, with the bad actors claiming it would impact 2.5 million individuals. 

In another case involving a healthcare company data breach, Marietta Health agreed last month to pay $1.75 million to end claims it failed to protect its patients from a 2021 data breach. 

Were you affected by the McLaren data breach? Let us know in the comments! 

Read About More Class Action Lawsuits & Class Action Settlements:

• Chinese bank data breach affects Treasury trading
• Mr. Cooper class action claims mortgage provider’s negligence resulting in data breach
• Dollar Bank class action claims data breach affected 13K+ current, former customers
• Postmeds class action alleges data breach compromised customer personal, health info