McLaren Health Care IT Systems Now Restored After the Ransomware Attack
McLaren Health Care has reported the successful restoration of all IT systems impacted by the ransomware attack on August 6, 2024. The restoration includes its electronic medical record (EHR) system. Initially, McLaren Health Care anticipated that the full restoration process would extend into early September, but the nonprofit healthcare company has finished the recovery a couple of days before schedule.
In a recent update, McLaren Health Care reported that its emergency departments are fully operational and accepting patients via emergency medical services for all types of medical conditions. Surgeries scheduled from August 27, 2024, have resumed as planned. Radiation therapy units at the McLaren Stroke Network and Karmanos Cancer Institute are now fully functional, and the primary and specialty care offices are accepting appointments. Outpatient diagnostic imaging services can also now be scheduled.
McLaren Health Care expressed deep gratitude to its patients for understanding and being patient during the restoration process. Thanks also go to the McLaren Health Care teams that worked hard to completely re-establish its network. Special acknowledgment was given to the dedication and resilience of McLaren’s team members, whose efforts during the cyberattack were described as inspiring.
While restoring IT systems marks a milestone in McLaren Health Care’s recovery, the work is far from over. Temporary measures, such as the manual recording of patient data, have already been lifted. However, McLaren Health Care is still in the process of rescheduling consultations and surgeries that were postponed or canceled because of the cyberattack. Additionally, patient information that was recorded by hand during the past three weeks must be inputted into the EHR system. This data entry process has already begun but is expected to take several weeks to finish.
At this time, McLaren Health Care has not yet determined whether patient data was exposed during the attack and to what extent. The analysis of data and systems is in progress. When McLaren Health Care confirms the exposure or theft of patients’ protected health information (PHI), it will notify the impacted individuals and report the data breach to the Office for Civil Rights (OCR), which operates under the U.S. Department of Health and Human Services (HHS).