Ransomware Attack Hits McLaren Healthcare: Data of Over 743,000 Patients Exposed

McLaren Healthcare has announced that a ransomware attack last year exposed the personal and medical data of 743,131 patients. The healthcare system, based in Grand Blanc, Michigan, began sending out notification letters this month to alert those affected.

The cyberattack took place between July 17 and August 3, 2024, and impacted patients across McLaren’s 13 hospitals, Karmanos Cancer Centers, and outpatient clinics.

According to documents filed by McLaren, the stolen information may include:

• Full names

• Social Security numbers

• Driver’s license numbers

• Medical details

• Health insurance information

The breach was confirmed after a forensic investigation completed on May 5, 2025. Patients of the Karmanos Cancer Centers were also among those affected.

Although McLaren did not reveal who was behind the attack, cybersecurity experts believe the Inc Ransomware group may be responsible. This group has previously targeted hospitals and clinics. Paul Bischoff, a privacy expert from Comparitech, warned that healthcare systems are especially vulnerable due to their internet-facing services and non-technical staff, which can open doors to phishing and software exploits.

The attack caused major disruptions to McLaren’s operations last year. Some elective surgeries were delayed, and staff had to update medical charts by hand. Fortunately, systems were restored earlier than expected, and full operations resumed by August 30, 2024.

This isn’t the first time McLaren has been targeted. In 2022, another ransomware group, ALPHV/BlackCat, breached McLaren’s systems and stole data from 2.2 million patients. Although the FBI later shut down BlackCat’s infrastructure, the group returned to carry out a massive cyberattack on Change Healthcare in early 2024.

Cyberattacks like these are costing the U.S. healthcare system billions. A report by Comparitech estimates that ransomware attacks have caused $21.9 billion in downtime since 2018.

In its public statement, McLaren said it took swift action once the breach was discovered:

“McLaren moved quickly to investigate and respond to the incident, assess the security of our systems, and identify potentially affected individuals.”

The healthcare provider is also taking steps to improve cybersecurity and provide additional training for staff.

Patients are being urged to monitor their financial accounts, consider credit monitoring, and stay alert to possible identity theft.