McLaren Health Data Breach
In August 2023, “ALPHV,” or “BlackCat” gained unauthorized access to the McLaren Health Care Corporation system through a ransomware attack accessing over 2 million patients’ personal medical information.
BlackCat was a threat actor known to McLaren at the time the breach occurred and McLaren neglected to employ mitigation and defense strategies to protect their patients’ information from such an attack.
After the breach, McLaren neglected to inform patients of its security failure and the unauthorized theft of their personal medical information for months. The first public acknowledgement of the breach was in response to an October 2023 report following the hackers’ public claims they had accessed several terabytes of data from the McLaren system relating to 2.2 million patients. McLaren did not alert California residents until November 2023--three months after the breach.
The breach is known to have affected residents of Michigan and California. Both states afford their citizens protections under various privacy statutes specifically designed to protect private data, such as medical information.
EKO has filed a complaint in the Eastern District of Michigan federal court alleging violations of Michigan and California privacy and consumer protection laws. The case is Weathers v. McLaren Health Care Corporation, Case No. 2:23-cv-12608.
If you were a victim of unauthorized access of your personal medical information or social security number, or have information about this case, please contact an EKO attorney.