McLaren Healthcare Pwned By Ransomware…. 2.5 Million Affected

McLaren HealthCare, one of the largest healthcare systems in Michigan, confirmed that it is dealing with a ransomware attack after the Black Cat/AlphV gang claimed to have stolen 6 TB of data, including the personal information of 2.5 million people.

“McLaren your security is at an all-time low, and we’ve proven it to you. Our backdoor is still running on your network, you decided to play with us, we have a great sense of humor too, and we know how to have fun. See you again…,” said Black Cat on their leak site.

McLaren operates 13 hospitals and numerous other healthcare facilities across Michigan. Earlier this month, the company reported outages that not only affected billing and electronic health record systems but also forced McLaren to shut down the computer networks at 14 different facilities; employees had to use their personal phones to communicate.

A spokesperson for McLaren said systems remain operational but did not say whether billing and record systems had been restored to full functionality, nor whether a ransom would be paid.

“We have also taken measures to further strengthen our cybersecurity posture with a focus on securing our systems and limiting disruption to our patients and the communities we serve,” said a spokesperson for McLaren.

Stephen Gates, Principal Security SME, Horizon3.ai had this to say:

   “Today, no organization is immune to the threat of a successful ransomware campaign, but there is something every organization can do about managing their risk – and now is the time to do it. Organizations must immediately discover where their greatest exploitable weaknesses are and remediate them before it’s too late.

   “In most cases, the ransomware attacks making news daily are not being enabled by some recent CVE. Instead, there are easily exploitable weaknesses residing in almost every organization’s network that are making the ransomware actors’ ‘jobs’ much easier. Here are the Top 20 issues that we see in organizations’ networks on a recurring basis.

  1. Credential Reuse Across Systems
  2. Unsecured Admin Credentials
  3. Insecure Active Directory Configurations
  4. Default Service Accounts
  5. Inadequate Access Control
  6. Deficient Network Segmentation
  7. Insecure Network Protocols in Use
  8. Unsafe File Sharing Practices
  9. Improperly Secured Databases
  10. Password/Credential Exposure
  11. Exposed RDP Ports
  12. Absence of Multi-factor Authentication (MFA)
  13. Misconfigured Security Controls
  14. Outdated Hardware/Software
  15. Insufficient Incident Response Processes
  16. Missing Patches and Updates
  17. Misconfigured Firewalls
  18. Insecure Wireless Networks
  19. Insecure IoT Devices
  20. Shadow IT

This isn’t a trivial number of people who have been affected by this. It makes me wonder if companies take cybersecurity seriously.
