By HFT Staff

On or about August 22, 2023, McLaren Health Care became aware of suspicious activity related to certain computer systems. McLaren immediately launched an investigation with the assistance of third-party forensic specialists to secure their network and to determine the nature and scope of the activity. Through the investigation, it was determined that there was unauthorized access to McLaren’s network between July 28, 2023, and August 23, 2023. On August 31, 2023, they learned the unauthorized actor had the ability to acquire certain information stored on the network during the period of access. As part of their ongoing investigation, McLaren undertook a thorough review of the potentially impacted files to determine whether any sensitive information was present. It was through this process, which concluded on October 10, 2023, that they determined that information pertaining to certain individuals may have been included in the potentially impacted files. 

McLaren is mailing notice letters to impacted individuals for whom they have valid mailing addresses. This letter will include resources that individuals can reference to further protect their information.  

The information impacted varied by individual and not all information was available for every individual. The information that may have been impacted includes some combination of certain individuals’ names and the following: Social Security number, health insurance information, date of birth, and medical information including billing or claims information, diagnosis, physician information, medical record number, Medicare/Medicaid information, prescription/medication information, diagnostic results and treatment information. 

Upon learning of this event, McLaren immediately took steps to secure their network and maintain operations in a safe and secure fashion. McLaren are working to review their existing policies and procedures and to implement additional administrative and technical safeguards to further secure the information on their systems. Notice was also provided to federal law enforcement and to the U.S. Department of Health and Human Services.