Over 700K people hit in major healthcare data breach — full names, SSNs, medical info and more exposed

For the second time in two years, clients and patients at McLaren Health Care have been caught up in a large-scale data breach. The Michigan healthcare provider recently confirmed in a breach notification letter filed with the Office of the Maine Attorney General that, sometime between July 17, 2024, and August 3, 2024, the personally identifiable information of more than 743,000 patients was accessed by hackers.

According to CyberNews, McLaren and Karmanos, a cancer institute affiliated with McLaren Health Care, were involved in the breach, which compromised sensitive personal information, including names, Social Security numbers, driver's license numbers, medical records, and health insurance details.

Threat actors can use such information to commit further malicious actions, such as medical identity theft (essentially, filing false claims to health insurers using the stolen information) or creating a victim profile that is used for identity theft, social engineering, or phishing attacks.

McLaren Health Care did not provide any details about the kind of breach or the nature of the cyberattack in this instance. In 2023, the company was the victim of a ransomware attack by BlackCat, also known as ALPHV, which then posted the results of the attack on its dark web blog. In that instance, similar personal information was taken; additionally, medical record numbers, claims information, and diagnosis information were included in the breach.

McLaren Health Care operates 3100 licensed beds and covers 732,000 people across its health maintenance organization plans, and had a net revenue of $6.6 billion in 2024.

What to do after a data breach

First, ensure that you're changing the passwords for your accounts and using unique, strong passwords for each one. When possible, use passkeys instead. Always use two-factor or multi-factor authentication when available.

The biggest threat will be phishing attacks and online fraud, so avoid clicking on links, scanning QR codes or downloading attachments from unknown senders. If you receive something that appears to be from someone you know, confirm it with them in an independent manner, such as calling them on the phone or texting them.

If you haven't signed up for one of the best identity theft protection services, now might be a good time to look into them. You can also consider putting fraud alerts on your files with the Big Three credit-reporting agencies (Equifax, Experian and TransUnion), and even instituting a credit freeze (although doing so can complicate getting a loan or opening new payment accounts).

When going online, make sure you have one of the best antivirus software programs installed and up to date, since these programs often include a VPN, password manager, secure browser and other extra security tools to help keep you safe online.

Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 
