McLaren Health Expects IT Disruption to Last Through August
Patients Still Asked to Bring Paper Records to Appointments Post-Ransomware Attack
After a near monthlong IT disruption at McLaren Health Care, patients still must bring their own printed copies of appointment information, physician orders for imaging studies and treatments, and recent lab test results before they can see a doctor.
With electronic medical records access still down after a ransomware attack, Grand Blanc, Michigan-based McLaren Health Care is advising patients to print the information from its patient portals and bring their empty prescription bottles, as well as lists of their allergies and current medications to appointments.
While most of McLaren's facilities are open and operational, IT systems across its 13 hospitals, Karmanos cancer centers, surgery centers and clinics are still affected. In a statement Friday, the provider publicly confirmed that the security incident discovered on Aug. 6 was in fact a ransomware attack.
From the start of the incident, ransomware group INC Ransom claimed to be behind the attack (see: McLaren Health Hit With Ransomware for Second Time in a Year).
"The disruption is expected to continue through the end of August, while cyber forensic investigations are ongoing. The incident is contained, but access to certain McLaren systems remains limited," McLaren said. "Our team members continue to have limited access to information technology systems so patients may experience longer than usual wait times."
McLaren hospital staff still do not have access to electronic medical records and other clinical IT systems, which is translating to much longer times to care for patients and heavier workloads to manually chart their information, said Dina Carlisle, a critical care registered nurse at one of McLaren's hospitals.
Since nurses don't have access to hospital EMRs and medication administration record systems, "we are double- and triple-checking our work," she said.
Carlisle is the president of the RN Staff Council of the Office and Professional Employees International Union Local 40 in Macomb Township, Michigan, which represents nurses, radiological technologists and other medical professionals. The group just sent a petition to McLaren for more staffing and daily updates on the situation, she said. "We've had one meeting in the last three weeks."
The union sent a similar petition in June to Ascension when that Missouri-based hospital chain was dealing with a highly disruptive ransomware attack (see: Union Demands Patient Safety Fixes in Ascension Cyber Outage).
McLaren in its latest update acknowledges that the IT outage presents challenges to clinicians as well as patients.
"Communicating results from lab and diagnostic tests to patients and providers is of paramount importance. We continue processing lab tests and reading imaging studies and communicating with your physician as they become available," McLaren said in its update.
Meanwhile, scheduling of certain types of appointments has also been affected by the IT outage.
"Patients in need of an outpatient imaging study can temporarily schedule their appointments through their local McLaren imaging departments," the statement said, directing patients to a list of about 66 McLaren imaging facilities that they can call.
Patients who usually get certain care at various McLaren facilities, including some of its Karmanos Cancer Institute centers, are also experiencing postponements or have to move more urgent treatments to non-McLaren healthcare systems, according to local media outlet WJRT in Michigan.
"We remain truly grateful for the tireless effort and dedication displayed by our team members under these demanding circumstances, and we sincerely regret any impact this cyberattack may have had on our patients," McLaren said in its statement.
The health system continues to work with cybersecurity experts to assess the extent of the impact of the incident and to determine whether any employee or patient information was compromised, McLaren said.
"If the health system identifies that any protected health information or personal information was compromised, it will contact the affected individuals directly pursuant to state and federal reporting guidelines," the statement says.
Phil Incarnati, CEO and president of McLaren Health, in the statement acknowledged the stressful conditions the IT disruption is causing for the organization's clinical and other staff.
"Under extremely trying circumstances, McLaren teams on the front lines and those in support roles across the state have answered the call," he said.
"From doctors and nurses to dietary professionals, administrative assistants, patient advocates and all team members in between, our patients, their families and our communities will be forever grateful for your resilience and kindness."
It is not uncommon for ransomware attacks on healthcare organizations to result in IT outages that last weeks or even months.
A 2022 cyberattack on Chicago-based CommonSpirit disrupted access to its IT systems, including electronic health records, at many of its 100-plus hospitals for several weeks and resulted in at least $160 million in financial fallout (see: CommonSpirit Details Financial Fallout of $160M Cyberattack).
Earlier Attack
The recent cyber incident at McLaren Health is not the organization's first encounter with a ransomware attack.
Last fall, Russian-speaking ransomware gang BlackCat/Alphv claimed to have stolen 6 terabytes of McLaren Health data - compromising sensitive information of more than 2 million patients. McLaren Health has not publicly disclosed whether it paid a ransom to BlackCat (see: Group Claims It Stole 2.5 Million Patients' Data in Attack).
Michigan state officials have weighed in publicly about the latest McLaren attack.
Michigan Attorney General Dana Nessel in an Aug. 9 alert urged consumers to be proactive in monitoring their credit and other accounts in the wake of the second major cyberattack on McLaren Health within the last year.
Also, the latest attack on McLaren Health prompted state Rep. Donni Steele, a Republican who represents Michigan's Orion Township, to call upon the state's Legislature "to enhance the penalties for waging ransomware attacks and improve partnerships with local law enforcement to better respond to ransomware."
McLaren Health is facing several proposed federal class action lawsuits involving that earlier hack (see: McLaren Health Care Facing 3 Lawsuits in Ransomware Hack).
McLaren Health did not immediately respond to Information Security Media Group's request for additional details about its latest incident.