McLaren Health Care is responding to a ransomware attack that may have put patient data at risk.
The Michigan Attorney General’s Office reports at least 2.5 million patients have been impacted, though the actual number of people at risk is unknown. The ransomware group BlackCat claimed responsibility for the data theft.
"This attack shows, once again, how susceptible our information infrastructure may be,” Michigan Attorney General Dana Nessel said in a statement. "Organizations that handle our most personal data have a responsibility to implement safety measures that can withstand cyber-attacks and ensure that a patient’s private health information remains private."
During a ransomware attack, computer systems are infiltrated by malware. Then, hackers withhold data access until after a ransom has been paid.
The AG said ransomware attacks against the healthcare sector have increased in recent years. The office recommends patients watch for warning signs like an unexpected bill for services, or an unusual debt collection notice.
McLaren indicated it’s investigating whether personal health information has been exposed on the dark web and is notifying patients whose records were impacted.
McLaren operates 15 hospitals including one in Lansing. Their systems remain operational during the investigation.