|
FOR IMMEDIATE RELEASE:
August 9, 2024
|
|
AG Nessel Alerts Consumers of Ways to Protect Their Data After McLaren Cyber Attack |
|
LANSING ? Michigan Attorney General Dana Nessel is reminding residents about consumer protection tips in the wake of McLaren Health Care?s most recent IT disruption.?
?These events serve as a clear warning that our most private information is under constant threat from cybercriminals,? said Nessel. ?I encourage everyone to be diligent in safeguarding their accounts and to be on the lookout for any indications of personal data exploitation. Unfortunately, at this time information is scarce as to what information may have been exposed. While more than 30 other states have laws requiring State notification of significant breaches, Michigan is not among them, and consumer protection agencies like ours often only learn of these attacks by media reporting.??
Nessel wants consumers to understand the importance of protecting their medical information after a data breach and to recognize the warning signs that may indicate someone is using their information. Affected individuals should watch out for:
- A bill from your doctor for services you didn?t receive.
- Errors in your Explanation of Benefits (EOB), like services you never received or medications you don?t take.
- Calls from debt collectors about medical bills you don?t owe.
- Medical debt collection notices on your credit report that you don?t recognize.
- A notice from your health insurance company saying you?ve reached your benefit limit.
- Denied insurance coverage due to a pre-existing condition you don?t have.
A statement on McLaren?s website indicates the disruption, which was reported on Tuesday, August 6, was the result of a ?criminal cyber attack.? McLaren?s statement goes on to indicate its facilities are ?largely operational,? but admits it has limited access to its systems.?
In October of last year, McLaren was the victim of another attack by a cybercriminal gang known as BlackCat/AlphV, which claimed to have stolen the sensitive personal health information of 2.5 million McLaren patients. Approximately 2,148,749 Michigan residents were sent data breach notice letters advising that certain of their personal information may have been impacted.?
McLaren Health Care is a 13-hospital integrated healthcare system based in Grand Blanc, Michigan. Among its facilities is Michigan?s largest network of cancer centers and providers.?
If you receive a notification letter or hear about a data breach at one of your medical providers, take these steps to secure your medical and financial accounts:
- Change the passwords on any medical portals you use.
- Check your EOBs from insurers carefully.
- Contact your bank and credit card issuers to place an alert on your accounts.
If consumers are concerned that their data may have been impacted, they can also consider freezing their credit. A credit freeze prevents creditors?such as banks or lenders?from accessing individuals? credit reports. This will stop identity thieves from taking out new loans or credit cards in consumer?s names because creditors will not approve their loans or credit requests if they cannot first access their credit reports. By law, a credit bureau must allow you to place, temporarily lift, or remove a credit freeze for free.?
When consumers freeze their credit with each bureau, the bureaus will send them a personal identification number. The consumers can then use that PIN to unfreeze their credit if they want to apply for a loan or credit card. Consumers can also use the PIN to freeze their credit again after they have applied for loans or a new credit card.?
Individuals will have to freeze their credit with each bureau: Experian, Equifax, and TransUnion.
Cyber attacks in the healthcare sector have been increasing, as well as the severity of the data breaches. The largest data breach in 2023 compromised over 8 million records. In 2022, eight out of the eleven biggest data breaches happened at hospitals or health systems.??
Ransomware is one of the most common threats against healthcare organizations. The FBI received 870 complaints of ransomware attacks last year?210 of them from healthcare entities, more than any other sector.?
The healthcare industry is highly targeted by cyber attacks because of the large amount of Personal Health Information?stored on its systems. These data breaches are costly, with the average breach costing over $11 million to fix.?
The McLaren attack comes only months after a ransomware attack on the St. Louis-based Catholic healthcare system Ascension, which operates 15 hospitals in Michigan, and only weeks after Michigan Medicine announced that up to 56,953 patients may have had some health information compromised when employee emails were hacked between May 23 and May 29, 2024. ?
McLaren has not provided a date for when its systems will be fully functional again.?
|
|
|
|