McLaren Health Care is facing three federal class-action lawsuits after a recent ransomware attack by a Russian group compromised the personal information of 2.5 million patients. The lawsuits, filed only days after the cyberattack, allege negligence by McLaren in safeguarding patient privacy. These legal actions claim that the healthcare provider failed to protect sensitive patient data. McLaren has contacted law enforcement regarding the incident, but it remains unclear whether they have officially reported the data breach to regulators.
Despite the significant breach, no report involving McLaren has been posted on the Department of Health and Human Services’ HIPAA Breach Reporting Tool website. The Michigan State Attorney General, Dana Nessel, issued a consumer protection warning, highlighting the potential impact of the ransomware attack on a large number of patients.
While the actual number and identity of affected patients remain unknown, Nessel stressed the importance of organizations implementing robust security measures to safeguard personal data. McLaren is a $6.6 billion integrated healthcare delivery system with multiple hospitals and healthcare facilities.
The lawsuits, filed on behalf of McLaren patients, claim that McLaren’s handling of private information was reckless, leaving it susceptible to cyber intrusions and attacks. The stolen data remains in the hands of cybercriminals who target private information for identity theft. The legal actions seek punitive damages and injunctions to enhance McLaren’s security practices. The healthcare provider has yet to comment on the status of its investigation or the lawsuits filed against it.