
Major Michigan Healthcare Provider Falls Victim to Ransomware Attack

One of Michigan's largest healthcare systems, McLaren HealthCare, has fallen prey to a ransomware attack. The breach was confirmed after a notorious hacker group, Black Cat/AlphV, claimed responsibility for the incident. In response, McLaren HealthCare initiated an immediate investigation upon detecting suspicious activities within its computer network.

The healthcare provider, which operates 13 hospitals across Michigan and offers various medical services, including infusion centers, cancer centers, and primary care offices, was hit by severe outages affecting billing and electronic health record systems earlier this month. These disruptions forced the shutdown of computer networks at 14 different facilities, leading employees to resort to personal phones for communication.

While McLaren HealthCare's systems remain operational, the organization has not commented on whether billing and record systems have been fully restored. The company has enlisted the help of global cybersecurity experts to assist in the investigation and has been in contact with law enforcement agencies.

Black Cat/AlphV, the ransomware gang behind the attack, claimed to have stolen 6 TB of data, including potentially millions of individuals' personal information and videos of the hospitals' operations. The group has a history of targeting healthcare institutions and made headlines earlier this year by attempting to extort a healthcare network in Pennsylvania.

This latest attack on McLaren HealthCare follows a spate of ransomware incidents targeting healthcare networks in the United States. Hospitals in several states were forced to cancel appointments, divert ambulances, and resort to paper records in response to the attacks, with at least two hospitals in Connecticut facing potential closure.

The escalating threat of ransomware attacks on healthcare institutions prompted congressional attention, with a House hearing held to address the crisis. Healthcare providers stressed the need for ongoing efforts to bolster cybersecurity defenses against increasingly sophisticated cybercriminals. Stephen Gates, Principal Security SME, Horizon3.ai, shared how organizations can mitigate the threats of a ransomware attack:

“Today, no organization is immune to the threat of a successful ransomware campaign, but there is something every organization can do about managing their risk – and now is the time to do it. Organizations must immediately discover where their greatest exploitable weaknesses are and remediate them before it’s too late.

In most cases, the ransomware attacks making news daily are not being enabled by some recent CVE. Instead, there are easily exploitable weaknesses residing in almost every organization’s network that are making the ransomware actors’ “jobs” much easier. Here are the Top 20 issues that we see in organizations’ networks on a reoccurring basis.

  1. Credential Reuse Across Systems

  2. Unsecured Admin Credentials

  3. Insecure Active Directory Configurations

  4. Default Service Accounts

  5. Inadequate Access Control

  6. Deficient Network Segmentation

  7. Insecure Network Protocols in Use

  8. Unsafe File Sharing Practices

  9. Improperly Secured Databases

  10. Password/Credential Exposure

  11. Exposed RDP Ports

  12. Absence of Multi-factor Authentication (MFA)

  13. Misconfigured Security Controls

  14. Outdated Hardware/Software

  15. Insufficient Incident Response Processes

  16. Missing Patches and Updates

  17. Misconfigured Firewalls

  18. Insecure Wireless Networks

  19. Insecure IoT Devices

  20. Shadow IT”
