Fraud Management & Cybercrime , Healthcare , Incident & Breach Response

McLaren Health: IT Operations Fully Back Online Post-Attack

Restoration Completed Days Ahead of Schedule But Still a Lot of Catch-Up Work to Do
McLaren Health: IT Operations Fully Back Online Post-Attack
Image: McLaren Health Care

The nonprofit behind 13 Michigan hospitals and a network of cancer centers said it restored IT systems a few days earlier than anticipated following an Aug. 6 ransomware attack that forced it to turn away emergency care patients.

See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare

McLaren Health Care earlier this month predicted a full IT recovery wouldn't occur before September (see: McLaren Health Expects IT Disruption to Last Through August).

"With this return to normal operations, all temporary procedures enacted during the disruption have been lifted. Providers at all McLaren Health Care hospitals, Karmanos cancer centers, and outpatient clinics again have access to patients' electronic medical records," McLaren Health said in a statement Tuesday.

McLaren Health said all its emergency departments are now open, accepting patients and receiving all medical conditions arriving by ambulance.

Patients can now also schedule appointments at McLaren's outpatient diagnostic facilities as well as primary and specialty care offices. In addition, all McLaren cancer centers and stroke care facilities are fully operational. Surgeries postponed during the ransomware-induced outage are being rescheduled.

Clinical staff confirmed to Information Security Media Group that McLaren's IT systems, including EHRs, are operational. "I worked 12 hours yesterday - it is back online," a critical care registered nurse at one McLaren Health hospital told ISMG on Tuesday.

The Grand Blanc, Michigan-based nonprofit still faces the task of inputting patient health data charted manually during the three-week disruption. That process began over the weekend and is expected to last several weeks.

McLaren Health said it is still analyzing whether patient or employee information was breached in the attack. The attack prompted state officials, including Michigan Attorney General Dana Nessel, to issue warnings this month for patients about the potential for identity theft and fraud crimes stemming from the incident (see: Officials Warn of Risks as McLaren Recovers From Attack).

The Inc Ransom cybercriminal group quickly claimed responsibility for the attack, which McLaren detected on Aug. 6.

Whether McLaren paid a ransom to attackers in the latest incident to help speed up its recovery "would be pure speculation on anyone's part," said David Finn, executive vice president at security consultancy First Health Advisory. "Unless they tell us, there is not enough information to speculate with any basis in fact," he said.

McLaren's three-week IT recovery from the cyber incident is faster than is often seen in ransomware attacks on similar entities, said Finn, who is a former healthcare CIO. "I would say this was a pretty quick recovery for a system the size of McLaren."

The incident is the second ransomware attack on McLaren within a year (see: McLaren Health Hit With Ransomware for Second Time in a Year).

Last fall, Russian-speaking ransomware gang BlackCat/Alphv claimed to have stolen 6 terabytes of McLaren Health data, compromising sensitive information of more than 2 million patients. McLaren Health has not publicly disclosed whether it paid a ransom to BlackCat (see: Group Claims It Stole 2.5 Million Patients' Data in Attack).


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.