On August 5, 2024, McLaren Health Care discovered suspicious activity on certain computer systems belonging to both McLaren and the Karmanos Cancer Institute. The investigation revealed that unauthorized access to the network occurred between July 17, 2024, and August 3, 2024.
This breach was the result of a cybersecurity attack by an international ransomware group, which targeted the healthcare provider’s systems. On May 5, 2025, McLaren concluded that both personal and protected health information had been compromised.
The breach exposed the following information: name, Social Security number, driver’s license number, medical information, and health insurance information.
In total, 743,131 people in the United States were affected, including 85 Massachusetts residents, 25 Mainers and 841 Texas residents. The breach was officially disclosed to the offices of the Maine, Massachusetts, Vermont and Texas Attorneys General beginning on June 20, 2025, and written notifications to affected consumers began on the same day.
The data breach was also disclosed to the U.S. Department of Health and Human Services on June 24, 2025.
McLaren Health Care responded promptly to the incident by securing its network, maintaining clinical operations, and launching a thorough investigation with cybersecurity experts. To assist affected individuals, McLaren established a dedicated call center and provided regular updates through its websites.
The organization is offering 12 months of complimentary credit monitoring and identity theft protection services through IDX to those whose personal information may have been compromised. Detailed instructions for enrolling in these services are included in the written notice sent to consumers.
In addition to these resources, McLaren is providing guidance on how to place fraud alerts and security freezes on credit files, obtain free credit reports, and recognize signs of identity theft or fraud. The company has also reported the incident to relevant state and federal regulators, as well as the three major credit reporting agencies: Equifax, Experian, and TransUnion.
For more information about McLaren Health Care, visit their official website.
A breach notice means your personal details could be circulating far beyond the organization involved. One practical step is continuous monitoring: services such as Identity Defender (included with an ExpressVPN subscription) can automatically check dark-web markets, flag new credit-file activity, and request removal of your information from data-broker sites.
This kind of “early-warning system” can’t undo a breach, but it can help you spot misuse quickly and limit further exposure. ExpressVPN is offering 61% off, risk-free for 30 days, with ID Theft Insurance included at no extra cost for those who sign up for one or two years.