McLaren Health Care Reports Data Breach Affecting 743,000 Patients

McLaren Health Care has alerted approximately 743,000 patients regarding a significant data breach linked to a ransomware attack perpetrated by the INC group in July 2024.

The breach was identified on August 5, 2024, but forensic investigations to ascertain the full scale of the impact concluded only on May 5, 2025. Notifications to affected individuals began circulating shortly thereafter.

McLaren Health Care is a nonprofit organization based in the United States, generating $6.6 billion in annual revenue. The health system operates a network of 14 hospitals in Michigan, totaling 2,624 beds, and employs 490 physicians alongside 28,000 full-time staff. An additional 113,000 providers are contracted throughout Michigan and Indiana.

In early August 2024, McLaren experienced disruptions to its IT and phone systems, which triggered a series of investigations. The patient database was notably impacted, leading to requests for individuals to present their appointment and medication details during hospital visits.

While the organization refrained from disclosing the identity of the attackers, evidence surfaced when an employee at a McLaren facility in Bay City, Michigan, unintentionally released INC ransom notes that had been printed automatically on hospital printers.

In the notification sent to affected individuals, McLaren acknowledged a ransomware attack but did not explicitly mention INC. The notice stated, “Our organization was the target of a cybersecurity attack by an international ransomware group that impacted the McLaren Health Care and Karmanos Cancer Institute computer network.”

The investigation revealed that the attackers had access to McLaren and Karmanos systems from July 17, 2024, to August 3, 2024.

Documentation submitted to U.S. authorities indicates that full names were among the data exposed, although the full extent of the breach remains unclear due to redacted information.

This incident marks the second major data breach for McLaren Health Care in recent years. The previous breach occurred in July 2023, associated with the ALPHV/BlackCat ransomware group, which compromised sensitive medical data, personally identifiable information, and social security numbers of approximately 2.2 million individuals.

Data samples from this earlier breach were leaked online in October 2023 as part of the extortion strategy employed by the attackers, pressuring McLaren to fulfill an undisclosed ransom demand.