Cyber Incident Victim: McLaren Health Care
Date:
Aug 2024
Location:
United States of America
Summary
A healthcare provider experienced a criminal cyber attack causing significant IT and phone system disruptions, though hospital operations including emergency departments and scheduled surgeries continued normally. Non-emergent appointments, tests, and treatments faced rescheduling, with patients advised to bring critical medical documentation to visits. The organization acknowledged staff efforts in maintaining care during the prolonged downtime but had not yet confirmed whether patient or employee data was compromised. Cybersecurity experts noted similarities between this incident and another major healthcare system breach earlier in the year that resulted in weeks-long operational challenges.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
McLaren Health Care confirmed on August 5, 2024, that a criminal cyberattack caused widespread disruptions to its technology infrastructure, including IT systems and phone services. The organization first acknowledged system disruptions on August 4 but provided no additional details the following day. While emergency departments remained fully operational with surgeries and procedures continuing as scheduled, the attack forced the rescheduling of numerous non-emergent appointments, diagnostic tests, and treatments across their hospital network. Patients with confirmed appointments were instructed to bring critical medical documentation, including printed physician orders, medication lists, allergy information, and lab results, to mitigate potential care delays caused by system unavailability. McLaren emphasized that clinical operations persisted despite the extended downtime, with staff implementing manual workarounds to maintain essential services.
The healthcare provider stated it had not yet determined whether patient or employee data was compromised during the breach. Internal communications highlighted the coordinated response from medical staff and team members, who maintained clinical operations under challenging circumstances. McLaren leadership publicly acknowledged staff efforts, praising their "heartfelt compassion and camaraderie" in sustaining patient care during the ongoing technical outage. Cybersecurity experts noted parallels between this incident and the Ascension health system breach earlier in 2024, which caused multi-week operational disruptions. No threat actor group claimed responsibility for the attack as of the latest reports, and McLaren provided no timeline for full system restoration. The organization continued to assess the scope and impact of the intrusion while maintaining contingency protocols for clinical operations.