top of page

Major Michigan Healthcare Provider Falls Victim to Ransomware Attack

One of Michigan's largest healthcare systems, McLaren HealthCare, has fallen prey to a ransomware attack. The breach was confirmed after a notorious hacker group, Black Cat/AlphV, claimed responsibility for the incident. In response, McLaren HealthCare initiated an immediate investigation upon detecting suspicious activities within its computer network.

The healthcare provider, which operates 13 hospitals across Michigan and offers various medical services, including infusion centers, cancer centers, and primary care offices, was hit by severe outages affecting billing and electronic health record systems earlier this month. These disruptions forced the shutdown of computer networks at 14 different facilities, leading employees to resort to personal phones for communication.

While McLaren HealthCare's systems remain operational, the organization has not commented on whether billing and record systems have been fully restored. The company has enlisted the help of global cybersecurity experts to assist in the investigation and has been in contact with law enforcement agencies.

Black Cat/AlphV, the ransomware gang behind the attack, claimed to have stolen 6 TB of data, including potentially millions of individuals' personal information and videos of the hospitals' operations. The group has a history of targeting healthcare institutions and made headlines earlier this year by attempting to extort a healthcare network in Pennsylvania.

This latest attack on McLaren HealthCare follows a spate of ransomware incidents targeting healthcare networks in the United States. Hospitals in several states were forced to cancel appointments, divert ambulances, and resort to paper records in response to the attacks, with at least two hospitals in Connecticut facing potential closure.

The escalating threat of ransomware attacks on healthcare institutions prompted congressional attention, with a House hearing held to address the crisis. Healthcare providers stressed the need for ongoing efforts to bolster cybersecurity defenses against increasingly sophisticated cybercriminals. Stephen Gates, Principal Security SME,, shared how organizations can mitigate the threats of a ransomware attack:

“Today, no organization is immune to the threat of a successful ransomware campaign, but there is something every organization can do about managing their risk – and now is the time to do it. Organizations must immediately discover where their greatest exploitable weaknesses are and remediate them before it’s too late.

In most cases, the ransomware attacks making news daily are not being enabled by some recent CVE. Instead, there are easily exploitable weaknesses residing in almost every organization’s network that are making the ransomware actors “jobs” much easier. Here are the Top 20 issues that we see in organizations networks on a reoccurring basis.

  1. Credential Reuse Across Systems

  2. Unsecured Admin Credentials

  3. Insecure Active Directory Configurations

  4. Default Service Accounts

  5. Inadequate Access Control

  6. Deficient Network Segmentation

  7. Insecure Network Protocols in Use

  8. Unsafe File Sharing Practices

  9. Improperly Secured Databases

  10. Password/Credential Exposure

  11. Exposed RDP Ports

  12. Absence of Multi-factor Authentication (MFA)

  13. Misconfigured Security Controls

  14. Outdated Hardware/Software

  15. Insufficient Incident Response Processes

  16. Missing Patches and Updates

  17. Misconfigured Firewalls

  18. Insecure Wireless Networks

  19. Insecure IoT Devices

  20. Shadow IT"



bottom of page