Daily Briefing: Auto industry's recall issue; Trump and Musk charged by UAW; Benson's home attacked; more
HEALTH

Michigan AG Nessel: Details 'scarce' about what data was leaked in McLaren cyberattack

Portrait of Kristen Jordan Shamus Kristen Jordan Shamus
Detroit Free Press

Details about what, if any, protected patient information was compromised in the Aug. 5 cyberattack at McLaren Health Care remain "scarce," said Michigan Attorney General Dana Nessel.

“These events serve as a clear warning that our most private information is under constant threat from cybercriminals,” Nessel said in a statement her office issued Friday. “I encourage everyone to be diligent in safeguarding their accounts and to be on the lookout for any indications of personal data exploitation.

"Unfortunately, at this time, information is scarce as to what information may have been exposed. While more than 30 other states have laws requiring state notification of significant breaches, Michigan is not among them, and consumer protection agencies like ours often only learn of these attacks by media reporting.”

Michigan Attorney General Dana Nessel talks to the press Friday, Jan. 4, 2019 at her new office in Lansing.

It's the second time in a year, cybercriminals have attacked McLaren's technology platforms. The Grand Blanc-based health system confirmed Wednesday the cause of a disruption to all 13 of its Michigan hospitals, surgery, infusion and imaging centers, along with its network of 113,000 medical providers throughout Michigan, Indiana and Ohio.

"The disruption ... was the result of a criminal cyber attack," said a statement sent to the Free Press. "Our information technology team continues to work with external cyber security experts to analyze the nature of the attack and mitigate the impacts of the threat actors. At this time, we have not determined if any patient or employee data was compromised."

The disruption began early Monday, and crippled some parts of the system's operations.

Patients told the Free Press they couldn't get radiation treatments for cancer or cardiac testing as a result of the cybersecurity incident. And for a short time, ambulances were diverted from McLaren Port Huron Hospital. Some appointments had to be canceled because physicians couldn't access radiology reports, lab test results or orders for additional testing and procedures.

McLaren has not said when its systems were expected to be fully functional again.

McLaren Macomb hospital on Harrington Road in Mt. Clemens on July 21, 2021.

Last August, a ransomware gang known as BlackCat/AlphV claimed responsibility for another attack on McLaren, posting online that it stole 6 terabytes of data, including the personal information of 2.5 million patients.

The health system reported at the time that it had shut down its own computer networks "out of an abundance of caution" after its information technology security team found suspicious activity during routine monitoring.

Nessel urged Michiganders to be vigilant, and watch for the following signs that suggest medical information was compromised in the McLaren cyberattacks or others that have plagued health care companies in recent years:

  • A bill from your doctor for services you didn’t receive.
  • Errors in an Explanation of Benefits (EOB) report from your insurance company. An example would be seeing services you never received listed on an EOB or insurance coverage for medications you don’t take.
  • Calls from debt collectors about medical bills you don’t owe.
  • Medical debt collection notices on your credit report that you don’t recognize.
  • A notice from your health insurance company saying you’ve reached your benefit limit.
  • Insurance coverage denial notices for a preexisting medical condition you don’t have.

Nessel said the health care industry is a target for cybercriminals because of the large amount of personal health Information stored on its systems.

The McLaren cyberattack comes just a few months after an attack on 140 Ascension hospitals in the U.S., including in Michigan, cut off electronic access to medical records, lab test results, radiology imaging and even impaired the ability for doctors to issue medical orders.

More:McLaren patients say they can't get cancer treatments, heart tests in wake of cyberattack

More:How to protect yourself from health care cybersecurity breaches

Also in May, the personal information of more than 56,000 people — including names, medical record numbers, addresses, dates of birth, diagnostic and treatment information, and health insurance details — was compromised in a cyberattack at Michigan Medicine, the academic medical center of the University of Michigan.

If you receive notification that your personal data was involved in a cybersecurity breach, Nessel recommends:

  • Changing the passwords on any medical portals you use.
  • Carefully checking your insurance company's explanation of benefits documents
  • Contacting your bank and credit card companies to place an alert on your accounts.

Another option is to consider a credit freeze, which prevents creditors from accessing your credit report. This can stop identity thieves from getting new loans or credit cards in your name. By law, credit bureaus must allow you to place, temporarily lift, or remove a credit freeze for free.

If you choose to freeze your credit, you'd have to contact all three credit bureaus:

  • Equifax: 888-766-0008
  • Experian: 888-397-3742
  • TransUnion: 800-680-7289

When you place the freeze on your credit, you'll get a personal identification number that also can be used to unfreeze your credit should you choose to apply for a loan or a new credit card. The same PIN can be used to reinstate the freeze, if you choose.

Contact Kristen Shamus: kshamus@freepress.com. Subscribe to the Free Press.