
McLaren’s ALPHV Ransomware Attack: What It Means for Healthcare


Brendon Rod

Co-founder and CEO

Healthcare’s Ransomware Crisis

In the expanding realm of cyber threats, healthcare systems are finding themselves increasingly targeted.

The recent ransomware attack on McLaren HealthCare, a prominent healthcare system in Michigan, offers a glaring testament to this disturbing trend.

Breaking Down the ALPHV Attack

McLaren HealthCare promptly launched an investigation upon detecting suspicious activities on its expansive computer network. The outcome of the inquiry confirmed a significant ransomware attack. With patient privacy at the forefront of concerns, the looming potential of a data leak on the dark web adds pressure to an already grave situation.

McLaren HealthCare: An Overview

Spanning 13 hospitals across Michigan, McLaren HealthCare’s influence in the healthcare sector is considerable.

Beyond its vast hospital network, McLaren operates various other entities, including infusion centers, cancer centers, primary and specialty care offices, and even a proprietary medical malpractice insurance company.

Assessing the Impact

The aftermath of the attack left a tangible imprint.

Earlier in the month, McLaren disclosed system outages affecting critical components like billing and electronic health record systems. As the disruption escalated, the organization was forced to suspend computer networks across 14 of its facilities. The ensuing chaos compelled staff to use personal cellphones as a communication lifeline.

Behind the Attack: Black Cat/ALPHV Ransomware Gang

The Black Cat/AlphV ransomware gang, notorious for its audacity, openly claimed responsibility for the McLaren breach. The gang also claims to have extracted 6 terabytes of potentially sensitive data, including operational videos from hospitals.

McLaren’s Responsive Measures

In a proactive response to the breach, McLaren has enlisted the expertise of global cybersecurity specialists.

McLaren has also begun working with law enforcement agencies, aiming both to remediate the incident and to preempt future threats. While measures to strengthen its cybersecurity posture are being deployed, the operational status of the impacted systems remains uncertain.

A Broader Perspective

Placed within a larger context, McLaren HealthCare’s predicament isn’t unique.

Recent ransomware attacks targeting several U.S. healthcare networks underscore the urgency of bolstering cybersecurity measures. The magnitude of these incidents has even garnered Congressional attention, spotlighting the need for a comprehensive, sector-wide strategy.

A Call for Enhanced Resilience

The AlphV-led ransomware attack on McLaren HealthCare is more than a stark reminder of healthcare’s cyber vulnerabilities—it’s a clarion call for resilience. In this ever-evolving threat landscape, it’s no longer enough to merely react to cyber threats. Healthcare institutions must proactively build robust defenses and embed resilience into their core, ensuring continuity in the face of unforeseen cyber adversities.

Further Reading

For an in-depth understanding of how healthcare institutions are taking proactive steps to ensure business continuity in the face of cyber threats, explore our detailed use case:
Healthcare Giant Aspires to Bolster Business Continuity with Robust IAM Resilience Platform





