McLaren Health discloses another data breach: 743,131 affected

On August 5, 2024, McLaren Health Care discovered suspicious activity on certain computer systems belonging to both McLaren and the Karmanos Cancer Institute. The organization quickly activated emergency response protocols and engaged third-party forensic specialists to investigate and secure their network. The investigation revealed that unauthorized access to the network occurred between July 17, 2024, and August 3, 2024. This breach was the result of a cybersecurity attack by an international ransomware group, which targeted the healthcare provider’s systems.

A comprehensive forensic review was conducted to determine if sensitive information was present in the affected files. By May 5, 2025, McLaren concluded that both personal and protected health information had been compromised.

The breach exposed the following information: name, Social Security number, driver’s license number, medical information, and health insurance information.

In total, 743,131 people in the United States were affected, with 25 of those individuals residing in Maine. The breach was officially disclosed to the Maine Attorney General’s office on June 20, 2025, and written notifications to affected consumers began on the same day.

McLaren Health Care's response

McLaren Health Care responded promptly to the incident by securing their network, maintaining clinical operations, and launching a thorough investigation with cybersecurity experts. To assist affected individuals, McLaren established a dedicated call center and provided regular updates through their websites. The organization is offering 12 months of complimentary credit monitoring and identity theft protection services through IDX to those whose personal information may have been compromised. Detailed instructions for enrolling in these services are included in the written notice sent to consumers.

In addition to these resources, McLaren is providing guidance on how to place fraud alerts and security freezes on credit files, obtain free credit reports, and recognize signs of identity theft or fraud. The company has also reported the incident to relevant state and federal regulators, as well as the three major credit reporting agencies: Equifax, Experian, and TransUnion.

Given the nature of the breach—an international ransomware attack that resulted in the exposure of both PII and PHI—affected individuals are strongly encouraged to take advantage of the free credit monitoring services, remain vigilant by monitoring their financial and medical accounts, and promptly report any suspicious activity. Taking these steps can help mitigate the risk of identity theft or fraud stemming from this incident.

For more information about McLaren Health Care, visit their official website.