{ "id": "ebd880a5-b050-4ef7-8080-bf362c3d2cc2", "created_at": "2026-04-06T00:07:00.559884Z", "updated_at": "2026-04-10T03:29:39.826116Z", "deleted_at": null, "sha1_hash": "eeb95cd2afd8f89173afbb9274d4c8be4e7022bd", "title": "McLaren Health Care says data breach impacted 2.2 million people", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2809100, "plain_text": "McLaren Health Care says data breach impacted 2.2 million people\r\nBy Bill Toulas\r\nPublished: 2023-11-10 · Archived: 2026-04-05 21:07:27 UTC\r\nMcLaren Health Care (McLaren) is notifying nearly 2.2 million people of a data breach that occurred between late July and\r\nAugust this year, exposing sensitive personal information.\r\nMcLaren is a non-profit healthcare system with an annual revenue of $6.6 billion. It encompasses an extensive network\r\nacross Michigan that includes 14 hospitals with a total bed capacity of 2,624 and is supported by a team of 490 physicians.\r\nThe organization boasts a substantial workforce, with a 28,000 full-time staff. Additionally, it maintains contractual\r\nrelationships with 113,000 providers, extending its reach into Indiana.\r\nhttps://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacted-22-million-people/\r\nPage 1 of 5\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacted-22-million-people/\r\nPage 2 of 5\n\nVisit Advertiser websiteGO TO PAGE\r\nMcLaren published a statement on its website about the intrusion and also notified U.S. authorities. The organization also\r\nalerted impacted individuals of the incident.\r\nPer the provided information, McLaren identified a security breach on August 22, 2023. Subsequent investigations,\r\nconducted with the assistance of external cybersecurity experts, revealed that the breach had compromised its systems since\r\nJuly 28, 2023.\r\nEvidence shows that on August 31 an unauthorized threat actor had accessed data and the following data types were\r\nconfirmed to have been exposed by October 10:\r\nFull name\r\nSocial Security number (SSN)\r\nHealth insurance information\r\nDate of birth\r\nBilling or claims information\r\nDiagnosis\r\nPhysician information\r\nMedical record number\r\nMedicare/Medicaid information\r\nPrescription/medication information\r\nDiagnostic results and treatment information\r\nThe specific types of data exposed differ for each individual, depending on the information they shared with the organization\r\nand the services they received.\r\nAll impacted individuals will receive to the email address they provided to McLaren a notification with instructions on\r\nenrolling to identity protection services for 12 months.\r\nMcLaren says it currently holds no evidence that cybercriminals abused the exposed data but urges impacted individuals to\r\nbe cautious with unsolicited communications and keep a close eye on their bank account activity.\r\n“While there is currently no evidence that your information has been misused, we recommend that you remain vigilant,\r\nmonitor and review all of your financial and account statements and explanations of benefits, and report any unusual activity\r\nto the institution of record and to law enforcement.” - McLaren\r\nAlthough the organization does not disclose many details about the cyberattack, it is worth mentioning that the\r\nALPHV/BlackCat ransomware group took responsibility for an attack on McLaren's network on October 4.\r\nhttps://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacted-22-million-people/\r\nPage 3 of 5\n\nMcLaren claimed by BlackCat ransomware in October (BleepingComputer)\r\nThe threat actors published samples of the data they allegedly stole from McLaren and threatened to auction the entire data\r\nset that they claim to impact 2.5 million people.\r\nhttps://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacted-22-million-people/\r\nPage 4 of 5\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacted-22-million-people/\r\nhttps://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacted-22-million-people/\r\nPage 5 of 5", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/mclaren-health-care-says-data-breach-impacted-22-million-people/" ], "report_names": [ "mclaren-health-care-says-data-breach-impacted-22-million-people" ], "threat_actors": [ { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434020, "ts_updated_at": 1775791779, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/eeb95cd2afd8f89173afbb9274d4c8be4e7022bd.pdf", "text": "https://archive.orkl.eu/eeb95cd2afd8f89173afbb9274d4c8be4e7022bd.txt", "img": "https://archive.orkl.eu/eeb95cd2afd8f89173afbb9274d4c8be4e7022bd.jpg" } }