Healthcare Giant McLaren Reveals Data On 2.2 Million Patients Stolen During Ransomware Attack (techcrunch.com) 12
An anonymous reader quotes a report from TechCrunch: Michigan-based McLaren Health Care has confirmed that the sensitive personal and health information of 2.2 million patients was compromised during a cyberattack earlier this year. A ransomware gang later took credit for the cyberattack. In a new data breach notice filed with Maine's attorney general, McLaren said hackers were in its systems for three weeks during July 28 through August 23 before the healthcare company noticed a week later on August 31. McLaren said the hackers accessed patient names, their date of birth and Social Security number, and a wealth of medical information, including billing, claims and diagnosis information, prescription and medication details, and information relating to diagnostic results and treatments. Medicare and Medicaid patient information was also taken.
McLaren is a healthcare provider with 13 hospitals across Michigan and about 28,000 total employees. McLaren, whose website touts its cost efficiency measures, made over $6 billion in revenue in 2022. News of the incident broke in October when the Alphv ransomware gang (also known as BlackCat) claimed responsibility for the cyberattack, claiming it took millions of patients' personal information. Days after the cyberattack was disclosed, Michigan attorney general Dana Nessel warned state residents that the breach "could affect large numbers of patients." TechCrunch has seen several screenshots posted by the ransomware gang on its dark web leak site showing access to the company's password manager, internal financial statements, some employee information, and spreadsheets of patient-related personal and health information, including names, addresses, phone numbers, Social Security numbers, and diagnostic information. Alphv/BlackCat claimed in its post that the gang had been in contact with a McLaren representative, without providing evidence of the claim.
McLaren is a healthcare provider with 13 hospitals across Michigan and about 28,000 total employees. McLaren, whose website touts its cost efficiency measures, made over $6 billion in revenue in 2022. News of the incident broke in October when the Alphv ransomware gang (also known as BlackCat) claimed responsibility for the cyberattack, claiming it took millions of patients' personal information. Days after the cyberattack was disclosed, Michigan attorney general Dana Nessel warned state residents that the breach "could affect large numbers of patients." TechCrunch has seen several screenshots posted by the ransomware gang on its dark web leak site showing access to the company's password manager, internal financial statements, some employee information, and spreadsheets of patient-related personal and health information, including names, addresses, phone numbers, Social Security numbers, and diagnostic information. Alphv/BlackCat claimed in its post that the gang had been in contact with a McLaren representative, without providing evidence of the claim.
Let's Have the Relevant Number (Score:3)
How many IT people have been laid off in the last two years?
How many job openings in IT?
How many rounds of six against one interviews do they have to endure on average before they get hired?
How many people out of those 28000 employees can write a bash script that does something useful without nine Stack Overflow searches?
Re:Let's Have the Relevant Number (Score:4, Interesting)
Re: (Score:2)
Essentially regulatory failure. The ones responsible here (the C-levels deciding the budget) should be personally punished for what happened here. For that there need to be laws or regulations that say you have to protect patient data effectively.
Re: Let's Have the Relevant Number (Score:2)
No, caused by regulation. Hospitals have absurdly low operating margins, any additional costs like the ObamaCare, EHR and COVID mandates and more recently the immigrant surge and you will need to start cutting significantly, the first places to go will be the support roles from nurses to IT to cleaning staff.
Re: (Score:2)
That is bullshit.The US has about the most expensive medical system on the planet, but definitely not the best one.
Re: (Score:2)
Not really. US pays more on an individual basis but less on a per capita basis for pure healthcare. If you're adding in research costs, about 50-60% of any budgets you quote include healthcare research which the US outstrips spending on for the next 10 countries combined.
big fines, no solutions (Score:3)
PII has been stolen, lives will be impacted and the customer solution will be "here's a year of craptacular credit monitoring."
In the meantime, the healthcare company will get a hefty fine and will hire some big-name consulting firm to address issues that they already knew about
years ago.
It never changes.
Re: (Score:2)
There should be a fund that pays out to victims, and also is invested in improving the whole industry so that e.g. everyone gets free credit monitoring all the time as a matter of course.
Every company that suffers a breech is obliged to pay in for 25 years. The payments are decided yearly, based on how much it costs to run the programme.
No more "identity theft" (Score:2)
At this point in time so much PII has been lost in various leaks that it is ludicrous to talk about "identity theft". If anyone provides valuable goods/services to an entity with no more assurance of identity than can provided by showing knowledge of basic PII, then the person who provided those goods/services should have the burden of proof regarding who owes them what.
The idea that "identity theft" is the problem of the person whose identity was fraudulently given in a transaction is ridiculous given th
FAKE NEWS (Score:2, Funny)
I'm pretty sure far fewer than 2.2 million McLaren supercars have ever been built!
McLaren (Score:2, Funny)
Lando Norris is doing well, only a few points behind Fernando Alonso with 2 GP left in the season
A little lacking in technical details. (Score:2)