San Francisco, Nov 14 (IANS) US-based McLaren Health Care has admitted that hackers compromised sensitive personal and health information of 2.2 million patients in a recent cyber attack.
The healthcare major said in a new data breach notice filed with Maine’s Attorney General that the total number of persons affected (including residents) were 2,192,515 in the breach.
Hackers broke into its systems for three weeks during July 28 through August 23 before the healthcare company noticed a week later on August 31, reports TechCrunch.
The hackers accessed patient names, their date of birth and Social Security number and medical information, including billing, claims and diagnosis information, prescription and medication details, and information relating to diagnostic results and treatments.
Medicare and Medicaid patient information was also taken, according to the company.
A ransomware gang later took credit for the cyberattack on McLaren.
McLaren is a healthcare provider with 13 hospitals across Michigan and about 28,000 total employees. The company made over $6 billion in revenue in 2022.
“On or about August 22, 2023, McLaren became aware of suspicious activity related to its computer systems. McLaren immediately launched an investigation with the assistance of third-party forensic specialists to secure its network and to determine the nature and scope of the activity,” said the healthcare company.
As part of an ongoing investigation, McLaren undertook a thorough review of the potentially impacted files to determine whether any sensitive information was present. It was through this process, which concluded on October 10, that McLaren determined that information pertaining to “certain individuals may have been included in the potentially impacted files”.
The information that could have been subject to unauthorised access includes name, Social Security number, a consumer’s past, present or future physical, mental or behavioral health or condition, or that of a member of the consumer’s family, and the provision of health care to a consumer, or payment for the provision of health care to a consumer, it informed.