Second data breach hits McLaren Health Care

McLaren Health Care suffers second major data breach

McLaren Health Care, one of Michigan’s largest healthcare systems, has confirmed a second major data breach. The incident comes less than two years after a previous cyberattack exposed the data of millions. The latest breach affects over 743,000 individuals.

In June 2025, McLaren began notifying patients that an unauthorized party had accessed its systems between July 17 and August 3, 2024. The breach was discovered on August 5, triggering an internal investigation supported by external cybersecurity experts.

Sensitive data exposed

The investigation revealed that a range of personal and medical data had been compromised. This includes:

• Full names

• Social Security numbers

• Driver’s license and ID numbers

• Dates of birth

• Medical treatment information

• Health insurance details

McLaren is offering 12 months of free credit monitoring and identity theft protection to those affected.

If you want to understand how identity theft works and what steps you can take to protect yourself, learn more in our guide to identity theft and how to deal with it.

A repeated security failure

McLaren Health Care has been the target of cyberattacks before. In 2023, the organization suffered a ransomware attack that disrupted hospital operations and led to the exposure of data belonging to more than 2.2 million individuals. At the time, the incident sparked criticism over the healthcare provider’s cybersecurity readiness.

The latest breach raises new concerns. It shows that even after a major attack, organizations in the healthcare sector may remain vulnerable unless continuous improvements are made.

Notification delays raise questions

Although the breach happened in mid-2024, McLaren did not notify affected individuals until nearly a year later. The forensic investigation concluded in May 2025, and notification letters were sent out in June. Delays like this increase the risk for those affected, as stolen data could already be in use before people are aware of the threat.

Cyber risks in healthcare

Hospitals and healthcare providers are prime targets for cybercriminals. They store vast amounts of personal data, often rely on outdated systems, and have limited cybersecurity resources. The consequences of a breach in this sector go far beyond financial loss. They can directly impact patient care and erode public trust.

McLaren’s repeated breaches underline a broader problem in the industry. One-off fixes are not enough. Cybersecurity must be built into the daily operations of healthcare organizations and supported by strong leadership and a culture of awareness.

Other healthcare providers have faced similar incidents in recent months. The ransomware attack on Mediclinic disrupted hospital operations across Southern Africa, while DaVita faced the alleged theft of 20 terabytes of sensitive patient data. You can read more in our articles on Mediclinic hit by Everest ransomware group and 20TB of DaVita healthcare data allegedly stolen.

What affected individuals should do

If you received a notification from McLaren, take action as soon as possible. Sign up for the free credit monitoring. Place a fraud alert or credit freeze with major credit bureaus. Regularly check your financial accounts and medical records for suspicious activity. Be cautious of phishing attempts that use information stolen in the breach.