Michigan-based McLaren Health Care has confirmed that the sensitive personal and health information of 2.2 million patients was compromised during a cyberattack earlier this year. A ransomware gang later took credit for the cyberattack.
In a new data breach notice filed with Maine’s attorney general, McLaren said hackers were in its systems for three weeks during July 28 through August 23 before the healthcare company noticed a week later on August 31.
McLaren said the hackers accessed patient names, their date of birth and Social Security number, and a wealth of medical information, including billing, claims and diagnosis information, prescription and medication details, and information relating to diagnostic results and treatments. Medicare and Medicaid patient information was also taken.
McLaren is a healthcare provider with 13 hospitals across Michigan and about 28,000 total employees. McLaren, whose website touts its cost efficiency measures, made over $6 billion in revenue in 2022.
News of the incident broke in October when the Alphv ransomware gang (also known as BlackCat) claimed responsibility for the cyberattack, claiming it took millions of patients’ personal information. Days after the cyberattack was disclosed, Michigan attorney general Dana Nessel warned state residents that the breach “could affect large numbers of patients.”
TechCrunch has seen several screenshots posted by the ransomware gang on its dark web leak site showing access to the company’s password manager, internal financial statements, some employee information and spreadsheets of patient-related personal and health information, including names, addresses, phone numbers, Social Security numbers and diagnostic information.
Alphv/BlackCat claimed in its post that the gang had been in contact with a McLaren representative, without providing evidence of the claim.
Disrupt 2026: The tech ecosystem, all in one room
Your next round. Your next hire. Your next breakout opportunity. Find it at TechCrunch Disrupt 2026, where 10,000+ founders, investors, and tech leaders gather for three days of 250+ tactical sessions, powerful introductions, and market-defining innovation. Register now to save up to $400.
Save up to $300 or 30% to TechCrunch Founder Summit
1,000+ founders and investors come together at TechCrunch Founder Summit 2026 for a full day focused on growth, execution, and real-world scaling. Learn from founders and investors who have shaped the industry. Connect with peers navigating similar growth stages. Walk away with tactics you can apply immediately
Offer ends March 13.
When reached by email, McLaren spokesperson David Jones declined to comment beyond the company’s public statement or answer our questions about the incident. The spokesperson would not say if the company received a demand for payment, or if it paid the hackers. McLaren would not make its chief information security officer George Goble available for an interview.
McLaren currently faces at least three class action lawsuits related to the cyberattack.
