The Target: McLaren is a nonprofit health system in the U.S. with $6.6 billion in annual revenue, operating a network that spans 14 Michigan hospitals (2,624 beds).
The Take: The McLaren data breach notification sample submitted to U.S. authorities confirms that full names were exposed, redacting other data types that were exposed. Therefore, the full extent of the data breach remains unclear.
The Vector: In the notice sent to impacted individuals, McLaren Health Care admits that the incident concerned a ransomware attack, though the INC ransomware gang, believed to be responsible for the attack, is still not mentioned.
This breach highlights the extreme importance of timely software updates for known software vulnerabilities, not only in systems directly under a firm’s control, but in third-party systems the firm relies upon as well. The longer a firm, or its vendors, hold out on deploying the most up-to-date software for their systems, the greater the chance an attacker will exploit the issue.