US healthcare giant McLaren says data on 2.2 million patients stolen during ransomware attack

News
By published

BlackCat hid in McLaren's network for weeks

Lock on Laptop Screen
(Image credit: Shutterstock.com) (Image credit: Future)

US healthcare giant McLaren has confirmed it suffered a ransomware attack in which sensitive data on more than two million patients stolen.

The company filed a data breach notice with the Maine attorney general in which it explained that the hackers, identified as BlackCat, breached McLaren’s systems in late July 2023. The threat actor operated on the company’s endpoints for three weeks, before being spotted in late August.

During their time in McLaren, the hackers stole sensitive data belonging to 2.2 million patients, including full names, birth dates, Social Security Numbers, medical information, billing claims, diagnosis data, prescription and medication details, and more. They also stole Medicare and Medicaid information, as well, withTechCrunch able to view screenshots of some of the stolen data and apparently, the hackers also had access to the company’s password manager, internal financial statements, employee information, and more. 

Reader Offer: $50 Amazon gift card with demo

Reader Offer: $50 Amazon gift card with demo
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?

Millions of victims

Soon after the incident, BlackCat took responsibility for the attack, and subsequently even said it was negotiating with McLaren’s representatives on future steps. There was no evidence to confirm these claims, though, and McLaren did not wish to discuss anything beyond its public statement.

McLaren operates 13 hospitals across the State of Michigan and employs roughly 28,000 people. TechCrunch reports that the company made more than $6 billion in revenue last year, alone. At the moment, it’s facing three class action lawsuits related to the cyberattack.

Ransomware is currently one of the biggest threats to organizations of all shapes and sizes, operating in all industries. While some groups refrain from targeting hospitals, critical infrastructure operators, and government agencies (for pragmatic reasons - not to poke the government bear) others indiscriminately target whoever they can, in pursuit of large profits. 

BlackCat is currently one of the most active and disruptive ransomware operators out there, next to the likes of LockBit and Cl0p.

More from TechRadar Pro

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
security
Ransomware gangs allegedly hit two major US healthcare firms, 300,000 patients have data stolen
ID theft
Over a million patients potentially hit after another US healthcare provider hit by cyberattack
Lock on Laptop Screen
United Healthcare data breach may have affected 190 million Americans
ransomware avast
The biggest addiction treatment provider in the US says it was hit by data breach
A laptop with a red screen with a white skull on it with the message: "RANSOMWARE. All your files are encrypted."
UK private health services firm told to pay up $2m for ransomware hit
healthcare
Top US health provider tells 882,000 patients they were hit in August 2023 breach
Latest in Security
Data leak
Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection
Third-party security issues could be the biggest threat facing your business
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Broadcom warns of worrying security flaws affecting VMware tools
Android Logo
Devious new Android malware uses a Microsoft tool to avoid being spotted
URL phishing
HaveIBeenPwned owner suffers phishing attack that stole his Mailchimp mailing list
Ransomware
Cl0p resurgence drives ransomware attacks to new highs in 2025
Latest in News
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
EA Sports F1 25 promotional image featuring drivers Oscar Piastri, Carlos Sainz and Oliver Bearman.
F1 25 has been officially announced, with this year's entry marking a return for Braking Point and a 'significant overhaul' for My Team mode
Garmin clippd integration
Garmin's golf watches just got a big software integration upgrade to help you improve your game
Robert Downey Jr reveals himself as Doctor Doom to a delighted crowd at San Diego Comic-Con 2024
Marvel is currently revealing the full cast for Avengers: Doomsday, and I think it's going to be a long-winded announcement
More about security
Data leak

Top home hardware firm data leak could see millions of customers affected
Representational image depecting cybersecurity protection

Third-party security issues could be the biggest threat facing your business
Ninkear MBOX 8 Pro

This mini PC has a detachable docking station that hides a hard drive, and I am not convinced whether it's a good idea
See more latest
Most Popular
Ninkear MBOX 8 Pro
This mini PC has a detachable docking station that hides a hard drive, and I am not convinced whether it's a good idea
Nintendo Music teaser art
Nintendo Music expands its library with songs from Kirby and the Forgotten Land and Tetris
The iPhone 16 Pro on a grey background
iPhone 17 Pro tipped to get 8K video recording – but I want these 3 video features instead
CoreWeave
Is CoreWeave another WeWork? Blogger who caused Nvidia market capitalization to drop by $600 billion in a day thinks so
Discord Clyde
Discord's game overlay has seen a complete revamp - I've tried it, and it's one of the best updates ever
Swiss flag with view of Geneva city, Switzerland
Secure encryption and online anonymity are now at risk in Switzerland – here's what you need to know
Data leak
Top home hardware firm data leak could see millions of customers affected
An image of Pro-Ject's Flatten it closed and opened
Pro-Ject’s new vinyl flattener will fix any warped LPs you inadvertently buy on Record Store Day
Canon EOS R50 V on a wooden table, alongside the EOS R50
I tried Canon's two new vlogging cameras – here's why the EOS R50 V offers better video value
Canon RF 20mm F1.4L VCM lens on a wooden table, alongside three other Canon hybrid prime lenses
Canon’s new 20mm f/1.4 lens could be the ultimate wide-angle prime for astro photography and video work, but its pricey