430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

McLaren Health Care revealed that a data breach impacted 2.2 million people

McLaren Health Care (McLaren) experienced a data breach that compromised the sensitive personal information of approximately 2.2 million individuals. McLaren Health Care (McLaren) disclosed a data breach that occurred between late July and August. The security breach exposed the sensitive personal information of 2,192,515 people. McLaren Health Care is a nonprofit health care organization based in […]

McLaren Health Care

McLaren Health Care (McLaren) experienced a data breach that compromised the sensitive personal information of approximately 2.2 million individuals.

McLaren Health Care (McLaren) disclosed a data breach that occurred between late July and August. The security breach exposed the sensitive personal information of 2,192,515 people.

McLaren Health Care is a nonprofit health care organization based in Grand Blanc, Michigan, USA. It is a $6.6 billion, fully integrated health care delivery system committed to quality, evidence-based patient care and cost efficiency. The McLaren operates 14 hospitals in Michigan, ambulatory surgery centers, imaging centers, a 490-member employed primary and specialty care physician network, commercial and Medicaid HMOs covering more than 732,838 lives in Michigan and Indiana, home health, infusion and hospice providers, pharmacy services, a clinical laboratory network and a wholly owned medical malpractice insurance company. 

The company became aware of anomalous activity on or about August 22, 2023, and immediately launched an investigation with the help of third-party forensic experts. The investigation revealed that threat actors gained unauthorized access to McLaren’s network between July 28, 2023, and August 23, 2023.

“On August 31, 2023, McLaren learned the unauthorized actor had the ability to acquire certain information stored on the network during the period of access. As part of an ongoing investigation, McLaren undertook a thorough review of the potentially impacted files to determine whether any sensitive information was present. It was through this process, which concluded on October 10, 2023, that McLaren determined that information pertaining to certain individuals may have been included in the potentially impacted files.” reads the notice of data breach sent to the Maine Attorney General.

Exposed information varied by individual and may include some combination of certain individuals’ names, social Security number, health insurance information, date of birth, and medical information. including billing or claims information, diagnosis, physician information, medical record number, Medicare/Medicaid information, prescription/medication information, diagnostic and treatment information.

McLaren announced to have secured its network and is working to review its existing policies and procedures and to implement additional security measure to protect its infrastructure.

The company also notified U.S. authorities and the impacted individuals. McLaren offers to impacted individuals an identity protection services for 12 months.

The company recommends impacted individuals to remain vigilant and monitor their bank account activity.

“While there is currently no evidence that your information has been misused, we recommend that you remain vigilant, monitor and review all of your financial and account statements and explanations of benefits, and report any unusual activity to the institution of record and to law enforcement.” continues the notice. “In addition, we are offering identity theft protection services through IDX, a data breach and recovery services expert. IDX identity protection services offered by McLaren include: <<12 months/24 months>> of credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed identity theft recovery services.”

In early October, 2023, the ALPHV/BlackCat ransomware gang added McLaren Health Care to the list of victims on its Tor leak site. The group claimed to have stolen data belonging to 2.5 million of McLaren Health Care patients.

McLaren Health Care

The ransomware group accused the organization of having attempted to cover up the security breach. The ransomware gang also added that they have still access to the network of the organization.

“It would have been more interesting if a Mclaren representative had talked in an interview about how they asked not to publish the stolen data and skillfully wanted to cover up the fact that their network had been hacked. Mclaren were preparing a way out and ended up devaluing the sensitive data of 2.5 million of their patients. Protecting the privacy and interests of your customers is nothing more than lip service.
Maclaren Your security is at an all-time low, and we’ve proven it to you. Our backdoor is still running on your network, you decided to play with us, we have a great sense of humor too, and we know how to have fun.” See you again……..” reads the message published by the ALPHV gang on its leak site.

The Alphv ransomware group has been very active in this period, recently it claimed to have hacked Clarion, the global manufacturer of audio and video equipment for cars and other vehicles, and the hotel chain Motel One.

The cyber security researcher Dominic Alvieri reported that ALPHV BlackCat Ransomware has breached 15 more US hospitals & 2 HMOs.

BlackCat/ALPHV ransomware gang has been active since November 2021, the list of its victims is long and includes industrial explosives manufacturer SOLAR INDUSTRIES INDIA, the US defense contractor NJVC, gas pipeline Creos Luxembourg S.A., the fashion giant Moncler, the SwissportNCR, and Western Digital.

The ransom demands of the group range from a few tens of thousands of dollars up to tens of millions of dollars.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, McLaren Health Care)