Operations are restored at McLaren Health Care after a cyber attack crippled systems at its 13 hospitals throughout Michigan, Indiana and Ohio this month.
In a press release, the health system did not say if employee and patient data had been stolen and held for ransom. An investigation continues into what is the second attack on McLaren in a year.
Since the health system was compromised on Aug. 5, McLaren said it’s had to manually input patient patient’s health records - which can slow down hospital operations.
Patients told the Detroit Free Press earlier this month that the attack canceled cardiac tests and radiation treatments for cancer. Some ambulances were diverted from McLaren hospitals. Appointments had to be canceled because physicians couldn't access certain reports and lab test results.
Jeff Tully is an associate clinical professor in the Department of Anesthesiology and co-director of the Center for Healthcare Cybersecurity at the University of California in San Diego. He said modern hospitals often rely on “network-connected” technology to function.
“The patient populations that we worry most about in the setting of a ransomware attack are the patients with what we call ‘time sensitive medical conditions,’” Tully said. “So they can be things like strokes and heart attacks or sepsis… where we need to depend on things like laboratory results or imaging from CT scanners that are sometimes network connected.”
Tully said there is work being done to create preventative measures for hospital cybersecurity issues but that there isn’t much health care workers can do after an attack has occurred.
His work with the Center for Healthcare Cyber security aims to develop plans and protocols for those situations - things like shifting patients to other hospitals and quickly getting access to cybersecurity professionals.
“These attacks are often seen as just IT emergencies, instead of really encompassing the full clinical workflow,” Tully said. “[We need] the folks who normally respond to things like earthquakes or hurricanes, the emergency managers.”
While McLaren did not confirm if the Aug. 5 attack resulted in patient and employee data being stolen, it did happen last year.
In August 2023, a ransomware gang known as BlackCat/AlphV claimed responsibility. The gang said it stole 6 terabytes of data, including the personal information of 2.5 million patients.
According to the U.S. Department of Health and Human Services, cyber attacks on hospitals and health systems are on the rise.
"From 2018-2022, there has been a 93% increase (369 to 712 total incidents). With a 278% increase in large breaches involving ransomware," the department said in a 2023 press release.
Josephine Wolff is a professor of cybersecurity policy in the Department of Computer Science and the Flecher School of Global Affairs at Tufts University.
She works to create policy for hospitals to improve their cyber security. Things like keeping their software updated, hiring the right cybersecurity experts.
“It's not that there isn’t guidance on all of these things available, but I think for healthcare institutions that are facing a lot of budget constraints, a lot of operational constraints, that might make sense to have sort of even more tailored guidance around some of this,” she said.
A McLaren spokesman would not name the agency investigating the incident but the U.S. Department of Health and Human Services’ Office of Civil Rights typically takes that responsibility when health systems are the victim.
There are currently more than 700 active hacking cases under investigation by that office right now, according to McLaren.
“McLaren is continuing its work with cybersecurity experts to determine what, if any, patient or employee information was compromised,” the company said in a press release. “If it is determined that any protected health information (PHI) or personal information was compromised, those individuals will be contacted directly.”
McLaren patients are urged to seek care as they normally would.
For patients, experts recommend taking ownership of your own health records like keeping updated lists of medications and lab results in case of emergency.
To avoid cyberattacks, keep passwords strong, enable multi-factor authentication and update your computer regularly.
