LANSING – Michigan Attorney General Dana Nessel is sharing consumer protection reminders following a ransomware attack at Grand Blanc-based McLaren Health Care that could affect large numbers of patients. Ransomware is a form of malware that can disable a company’s entire network. The cybercriminal typically steals data from the system before encrypting the network. The stolen data is held hostage until the ransom is paid.
Cybercriminal gang ALPHV (or BlackCat) has claimed responsibility for the theft of the sensitive personal health information (PHI) of 2.5 million McLaren patients. This group has also been linked to the MGM Resorts and other cyberattacks. In a message posted on the dark web last week, ALPHV claimed the McLaren data was on the dark web and would be released in a few days unless a ransomware payment was received.
“This attack shows, once again, how susceptible our information infrastructure may be,” Nessel said. “Organizations that handle our most personal data have a responsibility to implement safety measures that can withstand cyber-attacks and ensure that a patient’s private health information remains private.”
The actual number and identity of affected patients is unknown, as is the type of PHI. McLaren has acknowledged the ransomware attack in media interviews, saying it was “investigating reports that some of [its] data may be available on the dark web and will notify individuals whose information was impacted, if any, as soon as possible.” McLaren also said it had found no evidence to suggest the group still has access to its IT systems. The healthcare provider has retained security experts and is in touch with law enforcement.
McLaren reportedly detected suspicious activity in its IT systems in August and later confirmed the ransomware attack. Its computer network was taken offline while the incident was investigated. This caused disruption across its healthcare facilities, although healthcare services continued to be provided at all locations and patient care was unaffected.
“Time is of the essence when a breach occurs to ensure affected individuals can take the necessary steps to protect their identities,” Nessel said. “The department’s website contains important measures for residents who believe their information may have been compromised.”
Besides taking steps to protect your medical information, it is important to know the warning signs when someone is using your medical information. The signs include:
- A bill from your doctor for services you did not receive.
- Errors in your Explanation of Benefits (EOB) statement like services you never received or prescription medications you don’t take.
- A call from a debt collector about a medical debt you don’t owe.
- Medical debt collection notices on your credit report that you don’t recognize.
- A notice from your health insurance company indicating you have reached your benefit limit.
- You are denied insurance coverage because your medical records show a pre-existing condition you don’t have.
If you receive a notification letter or hear news about a data breach at one of your medical providers, Nessel advises to take these steps to secure your medical and financial accounts:
- Change the passwords on medical portals that you use.
- Check EOBs from your insurers carefully.
- Contact your bank and credit card issuers and ask them to put an alert on your accounts.
