McLaren Health System officials confirmed the cause of a technology disruption from earlier this week was a criminal cyber attack.
In a statement, the company said all 13 of its facilities have been affected, including those in northern Michigan.
This is the second time in a year the health system has been targeted by a cyberattack, though a McLaren spokesman told IPR News the incidents are unrelated.
"Our information technology team continues to work with external cyber security experts to analyze the nature of the attack and mitigate the impacts of the threat actors," the statement said.
The issues began Monday with some phones and computers going offline. Officials said they have not yet determined if any patient or employee data was compromised.
Meanwhile, patients are advised to keep scheduled appointments but to bring copies of the following information with them:
- A list of current medications or prescription bottles
- Printed physician orders for imaging studies or treatments
- Printed results of recent lab tests available in the patient portals:
McLaren Health Care - patient portal
McLaren Caro Region - patient portal
McLaren Thumb Region - patient portal
Karmanos - patient portal - A list of allergies
McLaren owns a hospital in Petoskey and operates a healthcare campus in Cheboygan.
The breach comes nearly a year since the company was last targeted. In August 2023, a ransomware gang known as BlackCat/AlphV claimed responsibility.
The gang said it stole 6 terabytes of data, including the personal information of 2.5 million patients.
According to the U.S. Department of Health and Human Services, cyber attacks on hospitals and health systems are on the rise.
"From 2018-2022, there has been a 93% increase (369 to 712 total incidents). With a 278% increase in large breaches involving ransomware," the department said in a 2023 press release. "Cyber incidents affecting hospitals and health systems have led to extended care disruptions, patient diversions to other facilities, and delayed medical procedures, all putting patient safety at risk."
A Munson Healthcare facility in Gaylord was also attacked in October of last year.
While local governments, school systems and individuals can all be targets of cyberattacks, healthcare systems are attractive to criminal organizations due to the massive amounts of data they can hold — including medical records, financial information, Social Security numbers, names and addresses.
"To the communities we are honored to serve, we deeply and sincerely apologize for any inconvenience the attack by these malicious threat actors has caused," McLaren said in its statement. "We truly appreciate the understanding of our patients, their families and loved ones, and the visitors to our facilities."
Copyright 2024 Interlochen Public Radio