The BlackCat ALPHV ransomware group is now targeting healthcare systems as news of its latest victims came to light on Friday. The notorious gang boasted about the attack on their dark website, after which McLaren Healthcare confirmed the ransomware attack.
McLaren Healthcare is one of the largest healthcare systems in Michigan. The BlackCat ransomware group claims to have access to sensitive data of McLaren’s 2.5 million patients and videos of hospital work, which is altogether 6TB of data.
The ransomware group did not initially name the company but added McLaren’s name hours later when the healthcare provider supposedly tried to hide the hack attack, and their spokesperson did not respond to the ransomeware group’s demands.
As reported by RecordMedia, a spokesperson from McLaren HealthCare said that the organization came across suspicious activity on their computer network and launched an investigation to determine the cause.
“Based on our investigation, we have determined that we experienced a ransomware event. We are investigating reports that some of our data may be available on the dark web and will notify individuals whose information was impacted, if any, as soon as possible,” a spokesperson said.
The McLaren spokesperson also said they have “retained leading global cybersecurity specialists to assist in our investigation, and we have been in touch with law enforcement. We have also taken measures to strengthen our cybersecurity posture further, focusing on securing our systems and limiting disruption to our patients and the communities we serve.”
Earlier this month, the company reported several outages that affected its billing and healthcare record systems. According to the Detroit Free Press, the situation at McLaren got so bad that employees had to resort to communicating through their phones since computer systems at their 14 different facilities were shut down.
McLaren operates 13 hospitals across Michigan and other medical services such as infusion centers, cancer centers, primary and specialty care offices, and a clinical laboratory network. The company also runs a medical malpractice insurance company and has a total of 28,000 employees.
According to the McLaren spokesperson, their systems are still in operation, even though the BlackCat ransomware group claims to have their backdoors still running over them.
RestorePrivay has contacted McLaren to provide further insight into the attacks, but we have not heard back at the time this article went live.
About ALPHV BlackCat ransomware group
The ALPHV BlackCat ransomware group is actively targeting healthcare and hotel management systems. The group has also taken credit for the ransomware attack targeting the Andalusia Group, an international working healthcare group. When the healthcare provider failed to respond to BlackCat, the group leaked sensitive information about the customers and partners of the healthcare provider, which consisted of:
- Personal data
- Financial and banking documents
- Insurance information
- Engineering information
- NDA documents
Almost five days ago, BlackCat ransomware groups also targeted the MNGI Digestive Health Group. When the healthcare provider did not respond to the attack, ALPHV BlackCat posted their data on their dark web site website and threatened to spam patients with information regarding the hack and details on how to file a lawsuit.
It’s clear that ransomware groups are now actively targeting the hospitality sector and people must take reliable measures to ensure their security.