Michigan-based McLaren Health Care has disclosed a significant data breach affecting 743,131 individuals after a ransomware attack compromised its systems in July and August 2024. This incident is the second major breach for the organization in recent years, following a 2023 attack that impacted over 2 million people.
Timeline and Discovery
According to McLaren, hackers accessed McLaren’s network between July 17 and August 3, 2024.
• Discovery: Suspicious activity was detected on August 5, 2024, affecting computer systems at both McLaren and its affiliate, the Karmanos Cancer Institute. The breach was officially disclosed to the Maine Attorney General’s Office on June 20, 2025, with written notifications sent to affected individuals beginning the same day.
The incident was a ransomware attack, reportedly involving the INC Ransom group, although McLaren’s official notification did not explicitly name the group or detail ransom demands. IT systems across 13 hospitals, cancer treatment centers, surgery centers, and clinics were impacted. Some locations had to divert ambulances, and patient appointments were delayed or rescheduled. Employees also reported payroll issues during the disruption.
Data Compromised
The breach exposed a wide range of sensitive information, including:
• Names
• Social Security numbers
• Driver’s license numbers
• Medical information
• Health insurance information
Previous Incidents and Unanswered Questions
This breach follows a 2023 ransomware attack by the ALPHV/BlackCat group, which exposed data for over 2 million individuals. The recurrence of such incidents highlights ongoing cybersecurity challenges in the healthcare sector.
It remains unclear whether McLaren paid a ransom in this latest incident. No data from the 2024 attack has been publicly leaked, which may suggest a payment was made, but there is no confirmation from McLaren. Details about how the attackers gained access have not been disclosed.
