Ransomware
McLaren Health Care ransomware attack (INC Ransom)
Primary Source βIncident Details
INC Ransom group (double extortion) gained access 17 July 2024; suspicious activity detected 5 August. All IT systems including EHR taken offline; hospitals reverted to paper charting for ~3 weeks. 743,131 patients notified of PHI exposure including names, SSNs, driver’s licence numbers, medical and insurance information. INC Ransom did not list McLaren on its leak site, suggesting possible ransom payment (unconfirmed). This was McLaren’s second ransomware attack after an INC Ransom incident in October 2023.
Technical Details
- Initial Attack Vector
- unknown
- Vendor / Product
- McLaren Health Care (12-hospital Michigan system)
- Malware Family
- INC Ransom ransomware
Timeline
- 2024-07-17 Breach occurred
- 2024-08-06 Publicly disclosed
- 2025-06-01 Customers notified