McLaren Health Care has issued a warning to 743,000 patients following a significant data breach attributed to the INC ransomware gang. The breach originated from an attack in July 2024, becoming public knowledge after the organization completed forensic investigations on May 5, 2025. Notice of the data breach was circulated to affected individuals last Friday.
As a nonprofit health system with annual revenues of $6.6 billion, McLaren operates 14 hospitals across Michigan. It employs nearly 28,000 staff members and collaborates with another 113,000 providers throughout Michigan and Indiana. The organization’s patient databases were reportedly compromised as a result of the attack, prompting requests for patients to carry their appointment and medication details during hospital visits.
While the specific attackers were not mentioned, an employee at McLaren’s Bay City hospital brought attention to the incident when they shared ransom notes linked to the INC group that were found printed on hospital printers. In an official notification to impacted individuals, McLaren acknowledged the cybersecurity attack without explicitly naming the group responsible.
The organization’s investigation revealed that the cybercriminals maintained unauthorized access to McLaren’s systems from July 17, 2024, until August 3, 2024. McLaren has confirmed that the breach resulted in the exposure of full names, although other specific data types that were compromised have not been fully disclosed. This incident marks the second major data breach for McLaren Health Care in recent years, following a prior breach in July 2023 that involved the ALPHV/BlackCat ransomware group, affecting 2.2 million individuals.
For continued updates on the status of their data security measures, McLaren Health Care encourages affected individuals to stay informed through the official notices provided.