- The dental workforce trends that will dominate 2026
- Federal Medicaid cuts threaten dental care access: See the potential impact by state
- Children’s Mercy raises $150M for mental healthcare
- California awards $291M to expand behavioral health housing, services
- Think bigger – Turning AI from Trends to Long-Term Transformation
- UnityPoint Health hospital names market chief nursing officer
- OhioHealth builds well-being programs to reshape caregiver culture
- Washington hospital staff vote ‘no confidence’ in management company
- U of Mississippi Medical Center restores phone lines after cyberattack
- 13 health system IT leadership moves
- How health systems are repositioning informatics
- Mississippi hospital names COO
- Ex-Amazon Health leader joins Spotify founder’s health tech startup
- Know the True Value of Your Lab When an Offer Is on the Table
- U of California offers 32% wage hike in union talks
- UF Health taps new outpatient senior VP
- UAMS names new director of cardiovascular medicine division
- CMS’ add-on billing code boosts specialist pay: Study
- Lawmakers introduce bill to reverse Medicaid cuts, expand Medicare benefits
- Florida medical center to expand with ASC
- New Jersey woman charged with practicing unlicensed dentistry
- CMS extends hospital-at-home waivers for 5 years: What ASCs need to know
- 100+ organizations call on CMS to revise 2027 MA rates
- The retention breakthrough anesthesia needs
- Oklahoma advances interstate compact bill
- Brown University Health names new chief of cardiac surgery
- UNC Health Appalachian offers psychiatric physician training program
- Former PepperPointe Partnerships COO joins DPO
- The Smilist expands into Virginia
- Physician-led orthopedic ASC opens in Florida
- Colorado Medicaid ABA audit finds $77.8M in improper payments
- Georgia opens 30-bed forensic mental health unit to ease jail backlog
- Pennsylvania county cuts ribbon on $19.8M mental health diversion center
- Outpatient cardiology’s CMS whiplash
- 12 new ASCs in February
- UHS to roll out behavioral health revenue cycle AI tools in 2026
- UHS to roll out behavioral health revenue cycle AI tools in 2026
- 15 dentists making headlines
- CMS to suspend enrollment into Elevance’s Medicare Advantage plans
- Report: Most states investing in value-based care with Rural Health Transformation Program
- U.S. Tops 1,100 Measles Cases This Year as Outbreaks Grow
- FDA To Offer Cash Bonuses for Faster Drug Reviews
- 10 providers seeking RCM talent
- PDS Health added de novos across 3 states in February
- Novant posts 4.8% operating margin in 2025
- 'One2PrEP': Gilead's 1st Yeztugo DTC ad reimagines hit song to highlight biannual dosing
- Cleveland Clinic posts $913M operating income, 5% margin — 7 things to know
- Former Optum CEO Heather Cianfrocco to depart UnitedHealth Group
- New Drug, Acoziborole, Could Boost Efforts to Wipe Out Sleeping Sickness
- Chocolate Male Supplement Recalled Over Hidden Erectile Dysfunction Drug
- Clinician Engagement: The Operating Lever Behind Margin and Throughput
- Your Anesthesia Subsidy: Key Questions Every Hospital C-Suite Must Answer
- Amid unfolding Middle East war, pharma giants keep close eye on employee safety, supply chains
- CMS set to suspend enrollment in Elevance Health's Medicare Advantage plans
- Kennedy adds 2 new members to CDC’s vaccine panel ahead of delayed meeting
- Kennedy adds 2 new members to CDC’s vaccine panel ahead of delayed meeting
- Urban Traffic Noise Disrupts Sleep, Affects Heart Health After One Night
- Hormone Therapy Might Be Unnecessary For Some Prostate Cancer Patients
- Benzodiazepine Use Down In U.S., But OD Risk Remains, Study Says
- GLP-1 Drugs Might Ease Chronic Migraine, Study Says
- Blood Test Reveals Alcohol-Related Liver Disease
- Telemedicine Visits Cost Five Times Less Than In-Clinic Care
- Families Defend Disability Services Amid Medicaid Cuts
- Medicaid Is Paying for More Dental Care. GOP Cuts Threaten To Reverse the Trend.
- Bavarian Nordic CEO to follow board chair out the door after failed private equity takeover
- Ascendis gains more altitude with FDA approval for dwarfism drug Yuviwel
- CDMO Quotient extends Ipsen supply pact for rare disease drug Sohonos
- Quest Diagnostics launches Google-powered AI chatbot to help patients understand lab results
- Tennr takes aim at phone call bottlenecks as it builds out automation for patient referral process
- DoseSpot, Arrive Health merge to combine prescribing tools with pharmacy, medical benefit data
- Why Digital Tool are Needed to Cope with Increasing Pressures in MedTech Innovation
- Why Digital Tool are Needed to Cope with Increasing Pressures in MedTech Innovation
- Electronics Pollution Pose Added Threat to Endangered Dolphins, Porpoises
- Flea And Tick Pills May Pose Environmental Risks, Study Finds
- ICE, ALS, Addiction Medicine, and Robotic Ultrasounds: Journalists Sound Off on All That and More
- 11 behavioral health executive moves to know
- 3 behavioral healthcare M&A deals in 2026
- Anthem Blue Cross of California pushes E/M downcoding policy to April
- Iowa dentist surrenders license
- Temple University gets approval for $3.19M rural dental clinic
- A Canadian Hospital Scoops Up Nurses Who No Longer Feel Safe in Trump’s America
- Statement on the Adoption of Final Rules Under the Holding Foreign Insiders Accountable Act
- Statement on Final Rules for the Holding Foreign Insiders Accountable Act
- State Medicaid budgets to weather $664B reduction through 2034 due to OBBBA: RAND
- Clover Health CEO said company sees opportunity in complex MA environment
- How pharma marketers are capturing the power of podcasts to connect with consumers
- Cigna's Evernorth quietly acquires hospital pharmacy CarepathRx
- Walgreens debuts virtual weight management clinic with access to GLP-1 meds
- New Obamacare Rules Could Raise Deductibles to $31K For Families
- Study Suggests One Common Amino Acid May Affect How Long Men Live
- Merck to wind down Gardasil production at N.C. plant, lay off 150-plus
- Walmart Great Value Cottage Cheese Recalled Over Pasteurization Issue
- Chris Bosh Says He’s 'Lucky To Be Alive' After Sudden Health Scare
- Patrick Kennedy: Collab with MAHA is essential to address mental health crisis
- Lilly debuts Nvidia supercomputer with fanfare and focus on escaping traditional pharma lifecycle
- Alignment CEO John Kao offers measured response to proposed 2027 MA rates
- Sanofi, Genentech, Kedrion back star-studded bleeding disorder awareness campaign
- Op-ed: Our patients deserve better safety reporting. AI could be the answer
- After CHMP nod, Moderna CEO applauds EU's 'rigorous scientific review'
- UCB's fast-growing Bimzelx leaps across blockbuster sales threshold as HS momentum builds
- How the Brain Learns to Have Seizures During Sleep
- Blood Test Can Predict Short-Term Survival Among Seniors
- Why Turning 19 Spikes Medicaid Loss for Millions
- Crash Course Might Speed Brain Stimulation Treatment For Depression, Study Suggests
- Wildfire Smoke Linked To Increase In Violent Assaults
- More Parents Are Refusing A Life-Saving Shot For Their Newborns, Study Finds
- He Needs an Expensive Drug. A Copay Card Helped — Until It Didn’t.
- To Avoid Care Disruptions, Know When the Clock Runs Out on Your Prior Authorization
- As SCOTUS takes on 'skinny label' review, top US lawyer sides with generics maker
- Lake Nona Impact Forum: There can't be longevity without tech
- Fierce Pharma Asia—China deal growth; Daiichi's new CMO; Astellas-Vir bispecific tie-up
- Autoimmune CAR-T: Navigating the FDA’s new regulatory playbook
- FDA Approval for BIOTRONIK Solia CSP S Pacing Lead For LBBAP
- FDA Approval for BIOTRONIK Solia CSP S Pacing Lead For LBBAP
- Catalyst OrthoScience gets FDA 510(k) Clearance of Archer® Patient-Specific Instrumentation for Shoulder Arthroplasty
- Catalyst OrthoScience gets FDA 510(k) Clearance of Archer® Patient-Specific Instrumentation for Shoulder Arthroplasty
- Smith+Nephew signs distribution agreement with SI-BONE
- Smith+Nephew signs distribution agreement with SI-BONE
- Quantum Surgical Acquires NeuWave Medical, Inc.
- Quantum Surgical Acquires NeuWave Medical, Inc.
- How Pharma is Expanding its Global Footprint to Advance Clinical Research
- Partnering to Advance Drug Delivery Innovation
- What the Health? From KFF Health News: What About the State of Health?
- Teladoc Health reports slower growth, offers cautious 2026 outlook as it shifts telehealth model
- CFO Mark Kaye to take the helm at Carelon in leadership shake-up at Elevance Health
- Insurance groups say proposed flat Medicare Advantage rates fail to meet the moment
- Health Gorilla urges court to toss lawsuit filed by Epic, health systems
- Stryker launches Synchfix™ EVT, expanding options for flexible syndesmotic fixation
- Stryker launches Synchfix™ EVT, expanding options for flexible syndesmotic fixation
- Democrat-Led States Sue Trump Administration Over Cuts to Childhood Vaccine Schedule
- CDC Vaccine Advisory Panel To Revisit COVID Shot Safety Next Month
- Frozen Blueberry Recall Issued Across Four States for Listeria
- Boehringer's Hernexeos secures speedy first-line expansion in FDA's 2nd national priority nod
- 'Like talking to a brick wall': Senate hearing takes aim at FDA's rare disease review process
- After delay, CDC vaccine panel sets new dates to discuss long COVID and mRNA shot safety
- Decision Criteria for Technology Commercialization of Medical Devices in 2026
- Decision Criteria for Technology Commercialization of Medical Devices in 2026
- Cientos de enfermeros estadounidenses dejan atrás el Estados Unidos de Trump y eligen trabajar en Canadá
- Continuous Cardiac Monitoring: Redefining the “End” of a Clinical Study?
- Continuous Cardiac Monitoring: Redefining the “End” of a Clinical Study?
- Could Drone-Delivered Defibrillators Save Lives?
- Inflammation Linked To Brain Damage, Memory Problems Among Football Players
- Early Birds, Active Folks Less Likely To Develop ALS
- Disasters Can Affect Mental Health A Decade Later, Review Finds
- AI Chatbots Can Contribute To Worsening Mental Illness, Study Finds
- Newborns Exposed to More ‘Forever Chemicals’ Than Once Thought
- Study Highlights Unique Parenting Struggles of Younger Patients With Heart Disease
- Altman-backed startup Verifiable rolls out AI agent to automate credentialing
- ‘You Aren’t Trapped’: Hundreds of US Nurses Choose Canada Over Trump’s America
- ‘Kind of Morbid’: Health Premiums Threaten Their Nest Egg. A Terminal Diagnosis May Spare It.
All 13 McLaren hospitals and their ancillary facilities, including the Karmanos Cancer Institute facilities, are experiencing a common cyberattack. The McLaren IT systems are down and all of them are reduced to legacy paper systems:
McLaren confirms cyberattack across its 13 Michigan hospitals, physician network
By Kristen Jordan Shamus - August 6, 2024For the second time in a year, cybercriminals have attacked McLaren Health Care's technology platforms, the Grand Blanc-based health system said Wednesday afternoon, confirming the cause of a disruption earlier this week to all 13 of its Michigan hospitals, surgery, infusion and imaging centers along with its network of 113,000 medical providers throughout Michigan, Indiana and Ohio.
"McLaren Health Care can now confirm the disruption ... was the result of a criminal cyber attack," said a statement sent to the Free Press. "Our information technology team continues to work with external cyber security experts to analyze the nature of the attack and mitigate the impacts of the threat actors. At this time, we have not determined if any patient or employee data was compromised."
The disruption began early Monday, and crippled some parts of the system's operations.
For a short time, ambulances were diverted from McLaren Port Huron Hospital, and some appointments had to be canceled because physicians couldn't access radiology reports, lab test results or orders for additional testing and procedures.
"Immediately after becoming aware of the attack, our hospitals and outpatient clinics instituted downtime procedures to ensure care delivery within our facilities," the McLaren statement said. "Several information technology systems continue to operate in downtime procedures while we work to fully restore functionality to our system. We have policies and procedures in place and train for information technology disruptions. We are grateful for the response from our frontline caregivers and staff who have come together to provide care under these circumstances."
No estimate was given for how long the disruption will last, and spokesperson David Jones did not answer questions from the Free Press about whether this incident involved ransomware and whether it was related to last year's cyberattack from the ransomware gang known as BlackCat/AlphV.
"Currently, our facilities are largely operational and able to care for our communities and will continue to do so until operations are fully restored," the updated statement said. "Our emergency departments continue to be operational, most surgeries and procedures continue to be performed, and our physician offices continue to see as many patients as possible. During this time of limited access to our systems, and out of an abundance of caution, some non-emergent appointments, tests, and treatments are being rescheduled.
"In addition, we are also actively working with our vendor partners and insurance providers to ensure our supply chain is not impacted and insurance authorizations are processed for care and treatments."
About 730,000 people are enrolled in McLaren's insurance plans in Michigan and Indiana. It also provides hospice care and pharmacy services, and operates clinical laboratories.
More:McLaren Health Care's Michigan hospitals hit by 'disruption' to computer, phone systems
The health system advised patients to keep their previously scheduled appointments unless the medical provider asks them to reschedule. It also asked patients to bring paper copies of the following to all appointments:
- A list of current medications or prescription bottles
- Printed physician orders for imaging studies or treatments
- Printed results of recent lab tests, if available, via the McLaren or Karmanos patient portal
- A list of allergies
In late August 2023, McLaren shut down its computer network in response to a ransomware attack that potentially leaked patient data onto the dark web.
A ransomware gang known as BlackCat/AlphV claimed responsibility then, posting online that it stole 6 terabytes of McLaren's data, including the personal information of 2.5 million patients.
Cyberattacks and the data breaches that often accompany them are a growing problem in health care, not only exposing the protected health data of patients but also affecting the ability to provide health care.
More:Cyberattack hits Ascension hospitals' computer networks: 'It's affecting everything'
Last year alone, 725 data breaches were reported to the U.S. Department of Health and Human Services Office for Civil Rights and more than 133 million records containing protected health data were exposed, according to the HIPAA Journal.
A cybersecurity breach in May that struck all 140 Ascension hospitals in the U.S., including in Michigan, forced the Catholic, nonprofit health system to postpone or cancel some appointments, divert ambulances to other hospitals and cut off electronic access to medical records, lab test results, radiology imaging and even impaired the ability for doctors to issue medical orders.
Our feckless Attorney General hasn't been able to find or prosecute any of the cybercriminals who have made a mess of our health care system, but her office does offer advice to victims and potential victims:
AG Nessel Alerts Consumers of Ways to Protect Their Data After McLaren Cyber Attack
By Danny Wimmer - August 09, 2024
LANSING – Michigan Attorney General Dana Nessel is reminding residents about consumer protection tips in the wake of McLaren Health Care’s most recent IT disruption.“These events serve as a clear warning that our most private information is under constant threat from cybercriminals,” said Nessel. “I encourage everyone to be diligent in safeguarding their accounts and to be on the lookout for any indications of personal data exploitation. Unfortunately, at this time information is scarce as to what information may have been exposed. While more than 30 other states have laws requiring State notification of significant breaches, Michigan is not among them, and consumer protection agencies like ours often only learn of these attacks by media reporting.”
Nessel wants consumers to understand the importance of protecting their medical information after a data breach and to recognize the warning signs that may indicate someone is using their information. Affected individuals should watch out for:
- A bill from your doctor for services you didn’t receive.
- Errors in your Explanation of Benefits (EOB), like services you never received or medications you don’t take.
- Calls from debt collectors about medical bills you don’t owe.
- Medical debt collection notices on your credit report that you don’t recognize.
- A notice from your health insurance company saying you’ve reached your benefit limit.
- Denied insurance coverage due to a pre-existing condition you don’t have.
A statement on McLaren’s website indicates the disruption, which was reported on Tuesday, August 6, was the result of a “criminal cyber attack.” McLaren’s statement goes on to indicate its facilities are “largely operational,” but admits it has limited access to its systems.
In October of last year, McLaren was the victim of another attack by a cybercriminal gang known as BlackCat/AlphV, which claimed to have stolen the sensitive personal health information of 2.5 million McLaren patients. Approximately 2,148,749 Michigan residents were sent data breach notice letters advising that certain of their personal information may have been impacted.
McLaren Health Care is a 13-hospital integrated healthcare system based in Grand Blanc, Michigan. Among its facilities is Michigan’s largest network of cancer centers and providers.
If you receive a notification letter or hear about a data breach at one of your medical providers, take these steps to secure your medical and financial accounts:
- Change the passwords on any medical portals you use.
- Check your EOBs from insurers carefully.
- Contact your bank and credit card issuers to place an alert on your accounts.
For more information on how to respond to data breaches, read Attorney General Nessel's consumer alert, Data Breaches: What to Do Next.
If consumers are concerned that their data may have been impacted, they can also consider freezing their credit. A credit freeze prevents creditors—such as banks or lenders—from accessing individuals’ credit reports. This will stop identity thieves from taking out new loans or credit cards in consumer’s names because creditors will not approve their loans or credit requests if they cannot first access their credit reports. By law, a credit bureau must allow you to place, temporarily lift, or remove a credit freeze for free.
When consumers freeze their credit with each bureau, the bureaus will send them a personal identification number. The consumers can then use that PIN to unfreeze their credit if they want to apply for a loan or credit card. Consumers can also use the PIN to freeze their credit again after they have applied for loans or a new credit card.
Individuals will have to freeze their credit with each bureau: Experian, Equifax, and TransUnion.
- Equifax: +1 (888) 766-0008
- Experian: +1 (888) 397-3742
- TransUnion: +1 (800) 680-7289
Cyber attacks in the healthcare sector have been increasing, as well as the severity of the data breaches. The largest data breach in 2023 compromised over 8 million records. In 2022, eight out of the eleven biggest data breaches happened at hospitals or health systems.
Ransomware is one of the most common threats against healthcare organizations. The FBI received 870 complaints of ransomware attacks last year—210 of them from healthcare entities, more than any other sector.
The healthcare industry is highly targeted by cyber attacks because of the large amount of Personal Health Information stored on its systems. These data breaches are costly, with the average breach costing over $11 million to fix.
The McLaren attack comes only months after a ransomware attack on the St. Louis-based Catholic healthcare system Ascension, which operates 15 hospitals in Michigan, and only weeks after Michigan Medicine announced that up to 56,953 patients may have had some health information compromised when employee emails were hacked between May 23 and May 29, 2024.
McLaren has not provided a date for when its systems will be fully functional again.
McLaren Completes Its Internal Investigation
Ten months later, McLaren reveals 740,000 impacted by ransomware attack
A sign for McLaren Medical Laboratory in Flint, Michigan.
By Eli Newman - June 26, 2025* Last summer, hackers accessed sensitive patient information at McLaren Health Care, including medical records and Social Security numbers
* The 12 hospital system concluded an internal review of the cybersecurity breach on May 5 and recently started to inform affected individuals
* The breach was the second in two yearsAfter 10 months, McLaren Health Care has begun to notify more than 740,000 patients that had sensitive personal data and health records exposed during the hospital system’s August 2024 ransomware attack.
The extent of the data extortion scheme, which delayed critical care for chronically ill patients at the Karmanos Cancer Institute and facilities across the state, came to light in recent days as the 12-hospital system based in Grand Blanc posted notice on its website and informed state agencies about the incident.
The cyberattack revealed a range of private files to a group of hackers who use patient data as criminal collateral, including individual medical history, treatment information, Social Security numbers, health insurance and medication records.
Dave Jones, a spokesperson for McLaren, said the hospital system completed its internal investigation with a third-party forensic specialist on May 5 when it determined sensitive patient data had been illegally accessed.
He says the health care system has “followed all regulatory reporting guidelines.”
“Protecting the security and privacy of data in our systems is a top priority,” Jones told Bridge Michigan in an email.
“While there is no evidence of actual or attempted misuse of personal information as a result of the incident, McLaren has begun the process of notifying patients whose data may have been impacted by the event and offering complementary identity protection out of an abundance of caution.”
Federal law requires breaches of protected health information affecting more than 500 people to be reported "without unreasonable delay" and no later than 60 calendar days after discovery.
The US Department of Health and Human Services, which maintains a database of health record breaches required by law, had not posted McLaren’s most recent cybersecurity failure as of June 26.
The agency declined to comment to Bridge Michigan on McLaren.
The Michigan Attorney General’s Office did not respond to Bridge request for comment on the agency’s awareness of the breach or McLaren’s obligation to inform those impacted by the security failure.
It’s the second such ransomware attack for McLaren since October 2023, when the personal health information of at least 2.5 million patients were exposed by the hacker gang BlackCat/ALPHV.
In previous statements, Attorney General Dana Nessel said state law does not require companies to notify the government of significant data breaches, with her office generally learning about consumer-impacting cyberattacks through media reports.
According to the latest available data, the US Department of Health and Human Services Office of Civil Rights is currently reviewing 28 leaks in the state, including those at Michigan Medicine and Catholic Charities West Michigan.
The investigations cover more than 800,000 individuals.
Hacker threats
McLaren has not specified the actors behind the attack, or its response to the extortion scheme, but cybersecurity watchdogs have linked the ransomware breach to the Inc. Ransom cybergang.
Memos reportedly obtained by employees allege the hacker group wanted “nothing more than money” as part of the scheme.
Claudia Rast, a cybersecurity attorney with the Detroit-based law firm Butzel Long, said patient data from ransomware attacks generally end up on the dark web, where the records become available to anybody who wants to buy.
“It’s like a ‘Star Wars’ bar,” Rast told Bridge Michigan. “You don’t want to go there.”
The aftermath of a cyberattack is a “fairly chaotic situation,” Rast explained, with groups like McLaren working first to identify the vulnerabilities that lead to a breach before identifying what exactly was accessed during the hack.
Figuring out which data was taken by groups like Inc. Ransom and BlackCat/ALPHV requires extensive internal audits and data mining processes that often span weeks.
“The threat actors don't label with an Excel spreadsheet… what they took,” she said.
While companies generally employ legal counsel to ensure their compliance with state law and federal statutes like the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act, Rast says their biggest expense is usually the mailing campaigns that follow to inform impacted individuals.
“More often these days, companies have good backups, so they can restore their systems over time,” Rast said. “It's notification and the forensic work that seems to be the greater cost.”
What can patients do?
As part of its consumer alert, McLaren is urging patients to monitor and review their financial statements and insurance claims, offering free credit monitoring and services through the identity theft protection company IDX.
Credit freezes can also help stop identity theft, and companies like Equifax and TransUnion offer a one-year, free fraud alert to monitor for suspicious activity.
But consumer advocates, like Suzanne Bernstein with the privacy protection advocacy group the Electronic Privacy Information Center, worry that breaches like those experienced by McLaren risk “chilling access to health care” as hacking attacks become more frequent.
“We’re often seeing reporting of the breach of really sensitive health information from hospital systems,” said Bernstein. “There's just an increased amount of data collection, which only increases the risk that data has to unauthorized use or breach.”
Bernstein said she worries about a “broader societal harm” as more health information is digitized, advocating for “data minimization” — which requires entities to limit collection based on need.
She highlighted litigation targeting hospital systems’ use of cookies and third-party ad trackers as examples of efforts to challenge data sharing outside of the patient-provider relationship, and advocates for more robust state and federal law that protects health information.
“I think having sectoral but also comprehensive privacy, cybersecurity requirements on the federal level would be great,” Bernstein said. “I sympathize with the reaction of feeling a little helpless as one person compared to a much larger, broader system.”
Get MHF Insights
News and tips for your healthcare freedom.
We never spam you. One-step unsubscribe.
Sponsors
Friends of MHF
Kirsten DeVries
Tom & Karen Nunheimer
Steve Ahonen
Ron & Faith Bosserman
Marlin & Kathy Klumpp
Sign Up for MHF Insights to keep up on the latest in Michigan Health Policy
