Lawsuit Investigation: McLaren Health Care Data Breach

Last Updated on November 20, 2023

Investigation Complete

Attorneys working with ClassAction.org have finished their investigation into this matter.

Check back for any potential updates and take a look at our open investigations here. The information on this page is for reference only.

View List of Lawsuits
Comments |

At A Glance

This Alert Affects:
Current and former McLaren Health Care patients whose personal information may have been compromised in a data breach.
What’s Going On?
Attorneys are investigating whether a class action lawsuit can be filed in light of reports that a Russian ransomware gang stole the personal information of 2.5 million McLaren Health Care patients in a cyberattack in late August.
How Could a Lawsuit Help?
A class action lawsuit could help compensate data breach victims for loss of privacy and any harm they experienced as a result of the ransomware attack.

Attorneys working with ClassAction.org are investigating whether a class action lawsuit can be filed on behalf of victims of a data breach that reportedly impacted the McLaren Health Care network in late August 2023.

On September 29, Russian ransomware gang ALPHV, also known as BlackCat, claimed on its dark web site that it had stolen 6 terabytes of data that included sensitive information belonging to 2.5 million McLaren Health Care patients. The Michigan-based healthcare network reportedly confirmed that it had experienced a ransomware attack and would be sending out notice to those affected “as soon as possible.”

Now, the attorneys want to hear from people who may have been affected by the data breach as they work to determine whether a class action lawsuit could be filed to help compensate victims.

McLaren Health Care Ransomware Attack: What Happened?

The ALPHV/BlackCat ransomware group reportedly announced on its dark web site around September 29 that it had successfully stolen over 6 terabytes of data from “one of Michigan’s largest healthcare companies” and threatened to publish the information “if our proposal is ignored.” The group later identified McLaren Health Care as its victim and claimed that the stolen data included sensitive information belonging to 2.5 million patients.

McLaren – which operates 13 hospitals in Michigan, dozens of healthcare centers and the state’s largest network of cancer centers, including the Karmanos Cancer Institute – told Information Security Media Group on October 3 that it had detected “suspicious activity” on its network in late August and, after an investigation, confirmed that it had been the victim of a ransomware attack.

Although ALPHV claimed that its “backdoor is still running” on McLaren’s network, the healthcare company said its cybersecurity specialists did not see any evidence to confirm that.

McLaren said it was investigating reports “that some of our data may be available on the dark web” but did not specify exactly what information was involved in the breach. The company reportedly said it would notify individuals whose information was impacted “as soon as possible.”

How a Class Action Lawsuit Could Help

A class action lawsuit, if filed and successful, could help compensate data breach victims for any harm they experienced as a result of the breach, including:

  • Loss of privacy
  • Fraudulent charges
  • Time spent responding to the breach
  • Money spent on credit reports, medical records and credit monitoring and identity theft protection services
  • Damage to credit

Before commenting, please review our comment policy.