- Albany Med Health System eyes affiliation with Ellis Medicine
- 1.4 million patients, 7 health systems caught in AI company data breach
- Banner Health clinicians file to unionize
- New Hampshire system names new chief strategy officer
- 8 recent studies on AI in diagnosis and clinical reasoning
- HHS launches Operation TrailBlazer to speed clinical trials: 5 notes
- Iowa 1st to fully allocate year 1 rural health funds
- ‘I would love to tell Mark Cuban to get involved’: What physician consolidation is costing patients
- Illinois passes bill regulating dental reimbursement practices
- The shifting dental care landscape
- Duke Health names ophthalmology chair
- Health insurer CEOs could face criminal liability for denials that lead to injury, death under Pennsylvania bill
- Texas hospital taps new COO
- Harvard to end faculty dental practice, transfer clinic to private owner due to financial constraints
- A physician’s plan to bring back practice autonomy to South Carolina
- Cardiologists push back on expansion of WISeR model
- Are ASCs ready for CMS’ new oversight rules?
- MCNA Dental agrees to multimillion-dollar settlement over 2023 ransomware attack
- Former Iowa dental office employee accused of using patient financial information for personal purchases
- Optum Behavioral Health names chief medical officer
- Stark law’s $632 million reckoning: The 5 biggest cases in 5 years
- ASCs’ robot evidence problem
- United Concordia expands dental coverage for patients with chronic conditions
- Who’s winning, losing the physician practice acquisition race?
- OIG flags Pennsylvania behavioral insurer for faulty prior auth denials
- Independence Health to open 28-bed behavioral health unit
- ICON Dental Partners appoints VP of dental partnerships
- These 'socially responsible' hospitals deliver on quality, value and equity
- Heartland Dental adds Missouri practice
- 4 dentists making headlines
- Growing ketamine use raises safety concerns
- AI’s growing role in mental healthcare: 5 notes
- Does ASC consolidation have a ceiling?
- Washington lawmakers eye corporate medicine ban after Oregon’s PeaceHealth test
- Pennsylvania cardiology group opens new $8.2M ASC
- Patient portal messages doubled since 2020, study finds, underscoring challenges to physician workloads
- Clover Hill Dairy Recalls All Cheese in Deadly Listeria Outbreak
- Ensemble Health Partners secures strategic growth investment from Thoreau
- Hospital margins inched higher in April, but still remain below 2025
- Middle-Aged Women Drink More, Know Less About Breast Cancer Risk
- CMS Proposes TAVR Medicare Coverage is Potential Boost for Edwards Lifesciences
- CARsgen makes history as China approves world's first CAR-T therapy for solid tumors
- High Hurdles Thwart Kidney Patients' Pursuit Of Life-Saving Transplants
- Rising Healthcare Costs Leave Many Americans Less Secure
- Short Videos Help First-Time Dads Learn Newborn Safety Basics
- Federal Push To Increase U.S. Primary Care Docs Has Fizzled, Study Says
- US to investigate Germany's proposed drug spending reforms
- Alnylam scolded over promotional activity after Pfizer complaint
- They're Uninsured After Obamacare Became Too Costly. And They're Far From Alone.
- Indiana Takes On Powerful Hospitals by Capping Prices They Charge Employers
- Prosper AI lands $30M backed by Andreessen Horowitz to build AI workforce for healthcare operations
- Eli Lilly, Novo Nordisk top AI citation share as new report questions DTC spend culture
- Fish Oil Supplements May Be A Bust For Alzheimer's Prevention
- Prehab Can Boost Seniors' Recuperation From Spinal Fusion Surgery, Trial Finds
- Dog Owners Feel Similar Grief Whether Pets Euthanized, Die Naturally
- Ozempic Might Cut Risk Of Broken Bones, Study Says
- Massage Guns Can Cause Eye Damage, Vision Loss, Case Report Warns
- A 5-month sprint: Behind Pfizer’s $10B deal and Innovent’s global pharma ambition
- 1st free dental clinic opens in New Jersey
- 8 new behavioral health projects to know
- Oregon prosecutors urge state to fix mental health system
- The case for layering behavioral healthcare models
- Rural, independent Kansas hospitals launch clinically integrated network
- 12 behavioral health services, facility closures | 2026
- Higher, short-acting opioid doses linked to 8% lower discharge risk: 4 notes
- FTC orders Aurobindo to divest 4 drugs to complete $250M Lannett acquisition
- Congressional Budget Office calls for more research on No Surprises Act unintended impacts
- HHS opens applications for $700M in mental health, addiction funding, with $96M for new STREETS program
- Ebola Infections Climb, Could Take Year To Contain, Health Officials Say
- Why a deviation investigation still takes two weeks in the age of AI
- Feeling Sleepy During the Day? It Could Be a Warning Sign for High Blood Pressure
- FTC, states sue transgender health association over 'misleading' gender care guidance
- Healthcare organizations still struggle to operationalize AI at scale: Arcadia survey
- Pfizer hunts for new CFO as Denton prepares to hang up gloves, wave goodbye to pharma
- Major League Pitchers Might Avoid Elbow Injuries By Altering Their Approach, Simulation Suggests
- Birth Control Pills Might Increase Binge Eating Risk, Study Finds
- Women Might Lower Their Heart Risk By Lifting Weights, Study Says
- Personalized Brain Implant Provides Step-By-Step Walking Boost For Parkinson's Patients
- Amid industry’s cell therapy automation push, Cellares and Ori dominate the field: report
- Most Americans Are Surviving Cancer. But The Mental Health Challenges Can Persist.
- Listen to the Latest ‘KFF Health News Minute’
- Sandwiched Between Caring for Kids and Aging Parents? Reach Out for Resources
- Arrests of Immigrant Parents Create Mental Health Crisis for Children
- Readers Curse Medical Debt and Defend Spelling Therapy
- Novo's success with oral Wegovy has been fueled by 'familiarity': Spherix
- Preparing for LEAD: Why post-acute visibility is the key to long-term value-based success
- One Medical Seniors reports data breach of third-party vendor impacting 'limited' number of patients
- A look at Epic's long-term play to build tech for operations, starting with scheduling
- U.K. Moves To Ban Social Media For Children
- Pregnant Woman Exposed to 45 Common Chemicals, Study Finds
- OhioHealth reaches settlement with DOJ, Ohio AG on antitrust lawsuit
- 4 years after snub, GSK partnership helps Spero get Utebzi across FDA finish line
- Despite 'decent' data, Verastem rethinks options for approved oncology combo in pancreatic cancer
- OIG report raises red flags about maternal health 'ghost networks' in Medicaid managed care
- Why It’s Time to Sunset AI Point Solutions and Consolidate Platforms
- Lantern, Marathon Health team up to launch integrated care management model
- The New Frontier of Care Management: Bridging the Empathy Gap with Intelligence
- Novo Nordisk opens Czech plant and unveils $29M upgrade to China facility
- Whoop, HealthEx partner to connect members’ medical records and biometric data
- GSK runs first DTC ad for would-be asthma blockbuster Exdensur
- Novo security breach claimed by hacking groups seeking multi-million-dollar ransoms: reports
- After FDA sign-off, Colorado's drug import plan faces tough road ahead
- Lower Risk Of Death, Clots Among Autoimmune Patients Taking GLP-1 Drugs
- Surgical Menopause Tied To Worse Sexual And Urinary Symptoms
- Post-Op Delirium Common In Seniors, But Not All Hospitals Screen For It
- Nortiva purrs into action with long-acting Lynx platform salvaged from Langer startup
- Why one life insurer is going big on health incentives
- Weekly Rundown: Lumeris adds symptom-checking tool to AI platform; DeepIntent rolls out agentic AI tool for healthcare marketers
- Before you build or buy care navigation AI, answer this
- Early-Onset Cancers Are On The Rise. Knowing Your Family History Is Crucial.
- Minimally Invasive Procedure Eases Arthritis Knee Pain, Study Finds
- Tennessee Pharmacies Sell Potent Ivermectin, Led by Anti-Vaccine Doctor Who’s Taken ‘Bucketloads’
- Democrats Seek To Spotlight Rising Health Costs by Forcing Vote on Trump Regulation
- More Americans Are Surviving Cancer. But the Mental Health Challenges Can Persist.
- Health services deal value holds steady in 2026 with higher bar for investment: PwC
- Big Pharma’s Big Brand: Inside Eli Lilly’s marketing culture
- CDC, FDA Tackle New World Screwworm, Including Drug Authorization
- 'Biopharma ecosystem is back to full health,' fueled by M&A: PwC
- Lifestyle Changes Can Reduce Your Risk For Multiple Chronic Diseases
- FDA, UK drug regulator deepen transatlantic ties with new liaison program
- People Walk, Exercise Less After Starting Ozempic, Zepbound
- Family Finances Shape Children’s Brain Development, Study Finds
- At-Home Blood Pressure Monitoring Reduces Risk of Heart Attack, Stroke
- Moderna hires Novartis vet to lead commercial, upsizes role for Hoge as potential launches loom
- Long-Awaited Rule Aims To Boost ACA Choices While Embracing Higher Deductibles
- Many Men Are Prescribed Testosterone Without Proper Testing
- Early-Onset Cancers Are on the Rise. Knowing Your Family History Is Crucial.
- Backed by Threat of Clawbacks, Feds Wield Tight Grip on $50B Rural Health Fund
- Recipharm channels ‘multi-million-dollar' US manufacturing upgrade, targeting domestic biologics demand
- Organic Baby Formula Recalled Following Botulism Cases
- FDA Approves First Over-the-Counter Glucose Monitor for Children, The Stelo Glucose Biosensor System
- You've Won The Game
- Many Patients Stop And Restart GLP-1 Meds, Study Finds
- Half Of U.S. Parents Track Their Adult Children’s Location
- Taking GLP-1s While On BP Meds May Up Your Risk Of Dizzy Spells, Fainting
- Trust In CDC Plummets Under Trump Administration, New Poll Shows
- Remarks to the US-CEE Connection: Transatlantic Challenges in Law, Business & Policy
- Statement Regarding Minimum Pricing Increments and Access Fee Caps
- Statement at the SEC Open Meeting on the Trade-Through Rule and Locked and Crossed Markets Provisions of Regulation NMS
- Disorder Protection Rule: Statement on the Proposed Amendments to Rule 611 and Other Provisions of Regulation NMS
- Statement on the Proposed Amendments to Regulation NMS
- Beyond China and Japan: How biopharma is expanding rare disease access across Asia-Pacific
- This Old House: Improving and Remodeling Our Registered Offering and Filer Status Regimes
- Peirce Out: Remarks at the U.S. Chamber of Commerce Capital Markets Summit
- Medtronic Advances Hugo Robotic Surgery Platform with Key FDA Filings and Product Approvals
- Medtronic Posts Strongest Revenue Growth in a Decade, Driven by Cardiovascular and Surgical Businesses
- Boston Scientific Plans Indiana Distribution Center, 300 New Jobs
- “Harmonization: We’ll Have Lots to Talk About”
- Remarks at the Investor Advisory Committee Meeting
- A Quarter for Your Thoughts: Remarks at the Meeting of the SEC Investor Advisory Committee
Michigan healthcare freedom community forum
All 13 McLaren hospitals and their ancillary facilities, including the Karmanos Cancer Institute facilities, are experiencing a common cyberattack. The McLaren IT systems are down and all of them are reduced to legacy paper systems:
McLaren confirms cyberattack across its 13 Michigan hospitals, physician network
By Kristen Jordan Shamus - August 6, 2024For the second time in a year, cybercriminals have attacked McLaren Health Care's technology platforms, the Grand Blanc-based health system said Wednesday afternoon, confirming the cause of a disruption earlier this week to all 13 of its Michigan hospitals, surgery, infusion and imaging centers along with its network of 113,000 medical providers throughout Michigan, Indiana and Ohio.
"McLaren Health Care can now confirm the disruption ... was the result of a criminal cyber attack," said a statement sent to the Free Press. "Our information technology team continues to work with external cyber security experts to analyze the nature of the attack and mitigate the impacts of the threat actors. At this time, we have not determined if any patient or employee data was compromised."
The disruption began early Monday, and crippled some parts of the system's operations.
For a short time, ambulances were diverted from McLaren Port Huron Hospital, and some appointments had to be canceled because physicians couldn't access radiology reports, lab test results or orders for additional testing and procedures.
"Immediately after becoming aware of the attack, our hospitals and outpatient clinics instituted downtime procedures to ensure care delivery within our facilities," the McLaren statement said. "Several information technology systems continue to operate in downtime procedures while we work to fully restore functionality to our system. We have policies and procedures in place and train for information technology disruptions. We are grateful for the response from our frontline caregivers and staff who have come together to provide care under these circumstances."
No estimate was given for how long the disruption will last, and spokesperson David Jones did not answer questions from the Free Press about whether this incident involved ransomware and whether it was related to last year's cyberattack from the ransomware gang known as BlackCat/AlphV.
"Currently, our facilities are largely operational and able to care for our communities and will continue to do so until operations are fully restored," the updated statement said. "Our emergency departments continue to be operational, most surgeries and procedures continue to be performed, and our physician offices continue to see as many patients as possible. During this time of limited access to our systems, and out of an abundance of caution, some non-emergent appointments, tests, and treatments are being rescheduled.
"In addition, we are also actively working with our vendor partners and insurance providers to ensure our supply chain is not impacted and insurance authorizations are processed for care and treatments."
About 730,000 people are enrolled in McLaren's insurance plans in Michigan and Indiana. It also provides hospice care and pharmacy services, and operates clinical laboratories.
More:McLaren Health Care's Michigan hospitals hit by 'disruption' to computer, phone systems
The health system advised patients to keep their previously scheduled appointments unless the medical provider asks them to reschedule. It also asked patients to bring paper copies of the following to all appointments:
- A list of current medications or prescription bottles
- Printed physician orders for imaging studies or treatments
- Printed results of recent lab tests, if available, via the McLaren or Karmanos patient portal
- A list of allergies
In late August 2023, McLaren shut down its computer network in response to a ransomware attack that potentially leaked patient data onto the dark web.
A ransomware gang known as BlackCat/AlphV claimed responsibility then, posting online that it stole 6 terabytes of McLaren's data, including the personal information of 2.5 million patients.
Cyberattacks and the data breaches that often accompany them are a growing problem in health care, not only exposing the protected health data of patients but also affecting the ability to provide health care.
More:Cyberattack hits Ascension hospitals' computer networks: 'It's affecting everything'
Last year alone, 725 data breaches were reported to the U.S. Department of Health and Human Services Office for Civil Rights and more than 133 million records containing protected health data were exposed, according to the HIPAA Journal.
A cybersecurity breach in May that struck all 140 Ascension hospitals in the U.S., including in Michigan, forced the Catholic, nonprofit health system to postpone or cancel some appointments, divert ambulances to other hospitals and cut off electronic access to medical records, lab test results, radiology imaging and even impaired the ability for doctors to issue medical orders.
Our feckless Attorney General hasn't been able to find or prosecute any of the cybercriminals who have made a mess of our health care system, but her office does offer advice to victims and potential victims:
AG Nessel Alerts Consumers of Ways to Protect Their Data After McLaren Cyber Attack
By Danny Wimmer - August 09, 2024
LANSING – Michigan Attorney General Dana Nessel is reminding residents about consumer protection tips in the wake of McLaren Health Care’s most recent IT disruption.“These events serve as a clear warning that our most private information is under constant threat from cybercriminals,” said Nessel. “I encourage everyone to be diligent in safeguarding their accounts and to be on the lookout for any indications of personal data exploitation. Unfortunately, at this time information is scarce as to what information may have been exposed. While more than 30 other states have laws requiring State notification of significant breaches, Michigan is not among them, and consumer protection agencies like ours often only learn of these attacks by media reporting.”
Nessel wants consumers to understand the importance of protecting their medical information after a data breach and to recognize the warning signs that may indicate someone is using their information. Affected individuals should watch out for:
- A bill from your doctor for services you didn’t receive.
- Errors in your Explanation of Benefits (EOB), like services you never received or medications you don’t take.
- Calls from debt collectors about medical bills you don’t owe.
- Medical debt collection notices on your credit report that you don’t recognize.
- A notice from your health insurance company saying you’ve reached your benefit limit.
- Denied insurance coverage due to a pre-existing condition you don’t have.
A statement on McLaren’s website indicates the disruption, which was reported on Tuesday, August 6, was the result of a “criminal cyber attack.” McLaren’s statement goes on to indicate its facilities are “largely operational,” but admits it has limited access to its systems.
In October of last year, McLaren was the victim of another attack by a cybercriminal gang known as BlackCat/AlphV, which claimed to have stolen the sensitive personal health information of 2.5 million McLaren patients. Approximately 2,148,749 Michigan residents were sent data breach notice letters advising that certain of their personal information may have been impacted.
McLaren Health Care is a 13-hospital integrated healthcare system based in Grand Blanc, Michigan. Among its facilities is Michigan’s largest network of cancer centers and providers.
If you receive a notification letter or hear about a data breach at one of your medical providers, take these steps to secure your medical and financial accounts:
- Change the passwords on any medical portals you use.
- Check your EOBs from insurers carefully.
- Contact your bank and credit card issuers to place an alert on your accounts.
For more information on how to respond to data breaches, read Attorney General Nessel's consumer alert, Data Breaches: What to Do Next.
If consumers are concerned that their data may have been impacted, they can also consider freezing their credit. A credit freeze prevents creditors—such as banks or lenders—from accessing individuals’ credit reports. This will stop identity thieves from taking out new loans or credit cards in consumer’s names because creditors will not approve their loans or credit requests if they cannot first access their credit reports. By law, a credit bureau must allow you to place, temporarily lift, or remove a credit freeze for free.
When consumers freeze their credit with each bureau, the bureaus will send them a personal identification number. The consumers can then use that PIN to unfreeze their credit if they want to apply for a loan or credit card. Consumers can also use the PIN to freeze their credit again after they have applied for loans or a new credit card.
Individuals will have to freeze their credit with each bureau: Experian, Equifax, and TransUnion.
- Equifax: +1 (888) 766-0008
- Experian: +1 (888) 397-3742
- TransUnion: +1 (800) 680-7289
Cyber attacks in the healthcare sector have been increasing, as well as the severity of the data breaches. The largest data breach in 2023 compromised over 8 million records. In 2022, eight out of the eleven biggest data breaches happened at hospitals or health systems.
Ransomware is one of the most common threats against healthcare organizations. The FBI received 870 complaints of ransomware attacks last year—210 of them from healthcare entities, more than any other sector.
The healthcare industry is highly targeted by cyber attacks because of the large amount of Personal Health Information stored on its systems. These data breaches are costly, with the average breach costing over $11 million to fix.
The McLaren attack comes only months after a ransomware attack on the St. Louis-based Catholic healthcare system Ascension, which operates 15 hospitals in Michigan, and only weeks after Michigan Medicine announced that up to 56,953 patients may have had some health information compromised when employee emails were hacked between May 23 and May 29, 2024.
McLaren has not provided a date for when its systems will be fully functional again.
McLaren Completes Its Internal Investigation
Ten months later, McLaren reveals 740,000 impacted by ransomware attack
A sign for McLaren Medical Laboratory in Flint, Michigan.
By Eli Newman - June 26, 2025* Last summer, hackers accessed sensitive patient information at McLaren Health Care, including medical records and Social Security numbers
* The 12 hospital system concluded an internal review of the cybersecurity breach on May 5 and recently started to inform affected individuals
* The breach was the second in two yearsAfter 10 months, McLaren Health Care has begun to notify more than 740,000 patients that had sensitive personal data and health records exposed during the hospital system’s August 2024 ransomware attack.
The extent of the data extortion scheme, which delayed critical care for chronically ill patients at the Karmanos Cancer Institute and facilities across the state, came to light in recent days as the 12-hospital system based in Grand Blanc posted notice on its website and informed state agencies about the incident.
The cyberattack revealed a range of private files to a group of hackers who use patient data as criminal collateral, including individual medical history, treatment information, Social Security numbers, health insurance and medication records.
Dave Jones, a spokesperson for McLaren, said the hospital system completed its internal investigation with a third-party forensic specialist on May 5 when it determined sensitive patient data had been illegally accessed.
He says the health care system has “followed all regulatory reporting guidelines.”
“Protecting the security and privacy of data in our systems is a top priority,” Jones told Bridge Michigan in an email.
“While there is no evidence of actual or attempted misuse of personal information as a result of the incident, McLaren has begun the process of notifying patients whose data may have been impacted by the event and offering complementary identity protection out of an abundance of caution.”
Federal law requires breaches of protected health information affecting more than 500 people to be reported "without unreasonable delay" and no later than 60 calendar days after discovery.
The US Department of Health and Human Services, which maintains a database of health record breaches required by law, had not posted McLaren’s most recent cybersecurity failure as of June 26.
The agency declined to comment to Bridge Michigan on McLaren.
The Michigan Attorney General’s Office did not respond to Bridge request for comment on the agency’s awareness of the breach or McLaren’s obligation to inform those impacted by the security failure.
It’s the second such ransomware attack for McLaren since October 2023, when the personal health information of at least 2.5 million patients were exposed by the hacker gang BlackCat/ALPHV.
In previous statements, Attorney General Dana Nessel said state law does not require companies to notify the government of significant data breaches, with her office generally learning about consumer-impacting cyberattacks through media reports.
According to the latest available data, the US Department of Health and Human Services Office of Civil Rights is currently reviewing 28 leaks in the state, including those at Michigan Medicine and Catholic Charities West Michigan.
The investigations cover more than 800,000 individuals.
Hacker threats
McLaren has not specified the actors behind the attack, or its response to the extortion scheme, but cybersecurity watchdogs have linked the ransomware breach to the Inc. Ransom cybergang.
Memos reportedly obtained by employees allege the hacker group wanted “nothing more than money” as part of the scheme.
Claudia Rast, a cybersecurity attorney with the Detroit-based law firm Butzel Long, said patient data from ransomware attacks generally end up on the dark web, where the records become available to anybody who wants to buy.
“It’s like a ‘Star Wars’ bar,” Rast told Bridge Michigan. “You don’t want to go there.”
The aftermath of a cyberattack is a “fairly chaotic situation,” Rast explained, with groups like McLaren working first to identify the vulnerabilities that lead to a breach before identifying what exactly was accessed during the hack.
Figuring out which data was taken by groups like Inc. Ransom and BlackCat/ALPHV requires extensive internal audits and data mining processes that often span weeks.
“The threat actors don't label with an Excel spreadsheet… what they took,” she said.
While companies generally employ legal counsel to ensure their compliance with state law and federal statutes like the Health Insurance Portability and Accountability Act and the Health Information Technology for Economic and Clinical Health Act, Rast says their biggest expense is usually the mailing campaigns that follow to inform impacted individuals.
“More often these days, companies have good backups, so they can restore their systems over time,” Rast said. “It's notification and the forensic work that seems to be the greater cost.”
What can patients do?
As part of its consumer alert, McLaren is urging patients to monitor and review their financial statements and insurance claims, offering free credit monitoring and services through the identity theft protection company IDX.
Credit freezes can also help stop identity theft, and companies like Equifax and TransUnion offer a one-year, free fraud alert to monitor for suspicious activity.
But consumer advocates, like Suzanne Bernstein with the privacy protection advocacy group the Electronic Privacy Information Center, worry that breaches like those experienced by McLaren risk “chilling access to health care” as hacking attacks become more frequent.
“We’re often seeing reporting of the breach of really sensitive health information from hospital systems,” said Bernstein. “There's just an increased amount of data collection, which only increases the risk that data has to unauthorized use or breach.”
Bernstein said she worries about a “broader societal harm” as more health information is digitized, advocating for “data minimization” — which requires entities to limit collection based on need.
She highlighted litigation targeting hospital systems’ use of cookies and third-party ad trackers as examples of efforts to challenge data sharing outside of the patient-provider relationship, and advocates for more robust state and federal law that protects health information.
“I think having sectoral but also comprehensive privacy, cybersecurity requirements on the federal level would be great,” Bernstein said. “I sympathize with the reaction of feeling a little helpless as one person compared to a much larger, broader system.”
Get MHF Insights
News and tips for your healthcare freedom.
We never spam you. One-step unsubscribe.
Sponsors
J & DE Family Charitable Fund
Friends
of MHF
Kelly Grotendiek
Philip Harbach
Dale Johnson
Drs. Jeffrey and Joni Jones
Vickie Kahle
Tammy Kipen
Marlin & Kathy Klumpp
Melanie Kurdys
Ruth Nobel
Patrick Peterson
Stephanie Poortenga
Jeanne Smit
Ben and Hope Staal
John Tuinstra
Jacki VanHuis
Sandy Walker
Sign Up for MHF Insights to keep up on the latest in Michigan Health Policy
