• Home
  • cyber
  • McLaren Health Care: McLaren Health Care to pay $14M in data breach class action settlement
cyber Ransomware

McLaren Health Care: McLaren Health Care to pay $14M in data breach class action settlement

Jan 1, 2023 2 min read
McLaren Health Care: McLaren Health Care to pay $14M in data breach class action settlement

McLaren Health Care Settles $14M Over 2023-2024 Ransomware Breaches Affecting 2.8 Million Patients

McLaren Health Care, a Michigan-based healthcare provider operating 12 hospitals, has agreed to a $14 million settlement following two ransomware attacks in 2023 and 2024 that exposed the personal and medical data of approximately 2.8 million patients. The breaches compromised sensitive information, including names, Social Security numbers, birthdates, health insurance details, and medical records.

The settlement, preliminarily approved by Genesee County Circuit Court Judge Chris B. Christenson on December 15, establishes a fund to cover credit monitoring, identity theft protections, reimbursements for documented losses (up to $5,000), and additional cash payments for affected individuals. U.S. residents impacted by the breaches must file a claim by April 29 to receive benefits. A final approval hearing is scheduled for April 21.

While McLaren denied any wrongdoing, the organization stated the settlement allows it to refocus on patient care and strengthen its cybersecurity measures. The 2024 attack disrupted clinical systems and electronic medical records for three weeks, prompting the company to confirm a criminal cyber intrusion after detecting suspicious activity. The Michigan Attorney General’s office previously linked the 2023 breach to the ALPHV (BlackCat) ransomware group.

A court-approved website, MHCCSettlement.com, has been set up for claim submissions and settlement details.

Source: https://www.mlive.com/news/flint/2026/02/mclaren-health-care-to-pay-14m-in-data-breach-class-action-settlement.html

McLaren Health Care TPRM report: https://www.rankiteo.com/company/mclaren-health-care

"id": "mcl1771014385",
"linkid": "mclaren-health-care",
"type": "Ransomware",
"date": "1/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'customers_affected': '2,800,000 patients',
                        'industry': 'Healthcare',
                        'location': 'Michigan, USA',
                        'name': 'McLaren Health Care',
                        'size': '12 hospitals',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': 'Claim submissions open until April 29 for affected '
                        'U.S. residents',
 'data_breach': {'number_of_records_exposed': '2,800,000',
                 'personally_identifiable_information': ['Names',
                                                         'Social Security '
                                                         'numbers',
                                                         'Birthdates',
                                                         'Health insurance '
                                                         'details'],
                 'sensitivity_of_data': 'High (Social Security numbers, '
                                        'birthdates, health insurance details, '
                                        'medical records)',
                 'type_of_data_compromised': ['Personal data', 'Medical data']},
 'date_detected': '2024',
 'description': 'McLaren Health Care, a Michigan-based healthcare provider, '
                'agreed to a $14 million settlement following two ransomware '
                'attacks in 2023 and 2024 that exposed the personal and '
                'medical data of approximately 2.8 million patients. The '
                'breaches compromised sensitive information, including names, '
                'Social Security numbers, birthdates, health insurance '
                'details, and medical records.',
 'impact': {'data_compromised': 'Personal and medical data of 2.8 million '
                                'patients',
            'downtime': '3 weeks',
            'financial_loss': '$14,000,000',
            'identity_theft_risk': 'High (Social Security numbers, birthdates, '
                                   'health insurance details exposed)',
            'legal_liabilities': 'Settlement for credit monitoring, identity '
                                 'theft protections, and reimbursements',
            'operational_impact': 'Disrupted clinical operations and '
                                  'electronic medical records',
            'systems_affected': 'Clinical systems, electronic medical records'},
 'investigation_status': 'Settlement approved, final hearing scheduled for '
                         'April 21',
 'motivation': 'Criminal',
 'post_incident_analysis': {'corrective_actions': 'Strengthened cybersecurity '
                                                  'measures'},
 'ransomware': {'ransomware_strain': 'ALPHV (BlackCat)'},
 'references': [{'source': 'MHCCSettlement.com',
                 'url': 'https://MHCCSettlement.com'}],
 'regulatory_compliance': {'legal_actions': 'Settlement approved by Genesee '
                                            'County Circuit Court'},
 'response': {'communication_strategy': 'Court-approved website for claim '
                                        'submissions and settlement details',
              'remediation_measures': 'Strengthened cybersecurity measures'},
 'threat_actor': 'ALPHV (BlackCat)',
 'title': 'McLaren Health Care Ransomware Breaches',
 'type': 'Ransomware'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.