McLaren Health Care has disclosed a data breach that occurred between late July and August that exposes sensitive personal information of 2,192,515 people.
McLaren operates 14 hospitals in Michigan, ambulatory surgery centers, imaging centers, a 490-member employed primary and specialty care physician network, commercial and Medicaid HMOs covering more than 732,838 lives in Michigan and Indiana, home health, infusion and hospice providers, pharmacy services, a clinical laboratory network and a wholly owned medical malpractice insurance company.
It became aware of anomalous activity on or about August 22, 2023, and immediately launched an investigation with the help of third-party forensic experts. The investigation revealed that threat actors gained unauthorized access to McLaren’s network between July 28, 2023, and August 23, 2023.
Exposed information varied by individual and may include some combination of certain individuals’ names, social Security number, health insurance information, date of birth, and medical information. including billing or claims information, diagnosis, physician information, medical record number, Medicare/Medicaid information, prescription information, diagnostic and treatment information.
McLaren announced to have secured its network and is working to review its existing policies and procedures and to implement additional security measure to protect its infrastructure.
McLaren also notified U.S. authorities and the impacted individuals. McLaren offers to impact individuals with identity protection services for 12 months.
The company recommends impacted individuals to remain vigilant and monitor their bank account activity.