McLaren Health Care has returned to normal operations weeks after a ransomware attack targeted its information communications technology, the healthcare operator based in Grand Blanc, Michigan, announced on Tuesday. The restoration was completed several days ahead of the anticipated timeline. Initially, McLaren expected the IT service disruptions to continue through August.
While providers at McLaren’s hospitals, cancer centers, and clinics are now using the system’s electronic health record (EHR) again, it will take several weeks to input patient information that was recorded manually during the IT system outage, according to McLaren.
McLaren, which operates 13 hospitals in Michigan and Ohio, experienced IT and phone system problems at the beginning of August. The provider later confirmed that it had fallen victim to a ransomware attack, in which malicious software encrypts data and demands payment for its decryption.
This incident occurred approximately a year after McLaren suffered a similar ransomware attack. Such repeated incidents highlight the healthcare industry’s vulnerability to ransomware attacks, which have severe consequences, particularly for hospitals. The industry is considered one of the most critical infrastructures in the United States.
In fact, ransomware attacks on the U.S. healthcare sector surged by 128% in 2023 compared to the previous year, according to an analysis of data from the Cyber Threat Intelligence Integration Center.
During the outage, some McLaren locations had to reroute ambulances to other facilities, as the health system stated in an August 12 update. A few routine visits, exams, and other procedures were also postponed. The health system advised patients to bring a list of medications, prescription bottles, written orders for imaging studies or treatments, lab tests performed in the last two days, and a list of any allergies. During the IT crisis, patient medical details were recorded manually.
McLaren is now working with cybersecurity specialists to determine whether any patient or employee information was compromised in the cyber attack.