McLaren Health Care and Karmanos Cancer Institute

A ransomware attack between July and August 2024 affecting McLaren Health Care and Karmanos Cancer Institute has resulted in a data breach affecting nearly 750,000 people. Hackers stole data including Social Security numbers, health insurance information, driver's license details, names, and medical data. The breach was linked to the INC ransomware gang. The attack disrupted IT and phone systems, leading to cancellations and rescheduling of surgeries, appointments, and treatments. Affected individuals are being offered a year of free credit monitoring.

Source: https://www.techradar.com/pro/security/major-data-breach-at-mclaren-health-care-sees-743-000-patients-affected-heres-what-we-know

TPRM report: https://scoringcyber.rankiteo.com/company/mclaren-health-care

"id": "mcl600062425",
"linkid": "mclaren-health-care",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"

{'affected_entities': [{'customers_affected': '743,131',
                        'industry': 'Healthcare',
                        'name': 'McLaren Health Care',
                        'type': 'Healthcare Provider'},
                       {'customers_affected': '743,131',
                        'industry': 'Healthcare',
                        'name': 'Karmanos Cancer Institute',
                        'type': 'Healthcare Provider'}],
 'attack_vector': 'Ransomware',
 'customer_advisories': 'Offered a year of free credit monitoring',
 'data_breach': {'data_exfiltration': 'Yes',
                 'number_of_records_exposed': '743,131',
                 'personally_identifiable_information': 'Yes',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Social Security numbers',
                                              'Health insurance information',
                                              "Driver's license details",
                                              'Names',
                                              'Medical data']},
 'date_detected': '2024-08-05',
 'date_publicly_disclosed': '2025-05',
 'description': 'A ransomware attack between July and August 2024 affecting '
                'McLaren Health Care and Karmanos Cancer Institute has '
                'resulted in a data breach affecting nearly 750,000 people.',
 'impact': {'data_compromised': ['Social Security numbers',
                                 'Health insurance information',
                                 "Driver's license details",
                                 'Names',
                                 'Medical data'],
            'downtime': 'Some surgeries, appointments and treatments were '
                        'canceled or rescheduled',
            'operational_impact': 'Staff resorted to manually managing '
                                  'appointments and medication information',
            'systems_affected': ['IT systems', 'Phone systems']},
 'investigation_status': 'Completed',
 'motivation': 'Financial gain, Data theft',
 'ransomware': {'data_exfiltration': 'Yes',
                'ransomware_strain': 'INC ransomware'},
 'recommendations': 'Vigilance, Monitoring accounts for suspicious activity',
 'references': [{'source': 'TechRadar Pro'}],
 'response': {'communication_strategy': 'Public notification released, Free '
                                        'credit monitoring offered'},
 'threat_actor': 'INC ransomware gang',
 'title': 'McLaren Health Care and Karmanos Cancer Institute Data Breach',
 'type': 'Data Breach, Ransomware'}