Dive Brief:
- McLaren Health Care confirmed it had experienced a ransomware attack after recently detecting suspicious activity on its computer network. The Grand Blanc, Michigan-based health system is now investigating whether some of its data could be available on the dark web.
- Ransomware group ALPHV/BlackCat took responsibility for an attack at McLaren, claiming they stole data from 2.5 million patients and continue to operate a “backdoor” on the nonprofit health system’s network, according to Security Affairs.
- The health system launched an investigation to “identify what, if any, data exposure occurred” and retained cybersecurity experts to assist, according to a McLaren spokesperson. Based on their current analysis, the spokesperson told Healthcare Dive that they see no evidence to support the backdoor claim.
Dive Insight:
Healthcare data breaches have grown increasingly common over the past decade, exposing 385 million patient records from 2010 to 2022, according to federal records. Hacking incidents in particular have soared over the past five years compared with other types of breaches like theft, data loss or improper disclosure.
Ransomware, where hackers hold critical data hostage and demand payment in exchange for restoring access, is a significant threat to healthcare organizations, experts say. Providers may be more willing to pay ransoms if attacks disrupt patient care, which can have deadly consequences.
A quarter of providers said their mortality rates rose following a ransomware attack, according to a 2021 survey from the Ponemon Institute.
An attack against CommonSpirit Health last year interrupted access to medical records and delayed care in multiple regions. Prospect Medical Holdings was forced to close some locations and rely on paper records after a ransomware attack this summer.
One Prospect hospital in Connecticut could not accept new patients for 17 days in August due to the ransomware attack, forcing ambulance crews to send patients as far away as Massachusetts, the Connecticut Mirror reported.
A McLaren spokesperson told Healthcare Dive its systems remain operational and it "will notify individuals whose information was impacted, if any, as soon as possible." The health system’s billing systems and EHR were affected by a network shutdown after the security team found the suspicious activity, according to reporting by the Detroit Free Press in early September.
The HHS has previously warned the healthcare sector about BlackCat, calling the group “a relatively new but highly-capable ransomware threat” in a January briefing.
The Office of Information Security and the Health Sector Cybersecurity Coordination Center said BlackCat was first detected in November 2021, and that the group has demanded ransoms as high as $1.5 million.