Over 700k people hit in major healthcare data breach — full names, SSNs, medical info and more exposed
According to CyberNews, McLaren and Karmanos, a cancer institute affiliated with McLaren Health Care, were involved in the breach, which compromised sensitive personal information, including names, Social Security numbers, driver's license numbers, medical records, and health insurance details.
Threat actors can use such information to commit further malicious actions, such as medical identity theft —essentially, filing false claims to health insurers using the stolen information, or creating a victim profile that is used for identity theft, social engineering, or phishing attacks.
McLaren Health Care did not provide any details about the kind of breach or nature of the cyberattack in this instance. In 2023, the company was victim of a ransomware attack by BlackCat, also known as ALPHV, which then posted the results of the attack on its dark web blog. In that instance, similar personal information was taken; additionally, medical record numbers, claims information, and diagnosis information were included in the breach.
McLaren Health Care operates 3100 licensed beds and covers 732,000 people across its health maintenance organization plans, and had a net revenue of $6.6 billion in 2024.
First, ensure that you're changing the passwords for your accounts and using unique, strong passwords for each one. When possible, use passkeys instead. Always use two-factor or multi-factor authentication when available.
The biggest threat will be phishing attacks and online fraud, so avoid clicking on links, QR codes or downloading attachments from unknown senders. If you receive something that appears to be from someone you know, confirm it with them in an independent manner, such as calling them on the phone or texting them.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
If you haven't signed up for one of the best identity theft protection services, now might be a good time to look into them. You can also consider putting fraud alerts on your files with the Big Three credit-reporting agencies Equifax, Experian and TransUnion, and even instituting a credit freeze (although doing so can complicate getting a loan or opening new payment accounts).
When going online, make sure you have one of the best antivirus software programs installed and up to date, since these programs often include a VPN, password manager, secure browser and other extra security tools to help keep you safe online.
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Health Line
21 hours ago
- Health Line
Can You Lose Medicare Coverage?
Medicare coverage is a lifelong benefit for individuals who meet eligibility criteria. However, there are certain situations where a person may have their coverage canceled. To be eligible for Medicare, the federal health insurance program for older adults in the United States, you need to be 65 years of age or older. If you're younger than 65 years old, you may qualify for Medicare if you: have disability and collect Social Security Disability Insurance have end stage renal disease (ESRD) have amyotrophic lateral sclerosis (ALS) If you meet the eligibility requirements for Medicare, you have a right to coverage for the rest of your life. However, it's possible for your coverage to be canceled or discontinued. In this article, we discuss when this might occur and how to reenroll. Why might you lose Medicare coverage? A person may lose their Medicare coverage if they: stop paying their plan's premiums move out of their plan's service area no longer meet the eligibility criteria for the plan Nonpayment of Medicare premiums If you stop paying your monthly premiums, Medicare may terminate your coverage. Individuals enrolled in Original Medicare may have premium payments for Part A and Part B. Generally, there is a grace period of a couple of months after a person stops paying their premium. During this time, you can get caught up on your payments. However, if you don't resume them, Medicare will disenroll you from your coverage. If you're enrolled in a Medicare Advantage (Part C) or Part D plan, you'll also need to continue paying your monthly premiums or risk termination of your coverage. Moving out of a plan's service area If you move your permanent residence outside of your plan's service area, it may affect your coverage. Original Medicare coverage works anywhere in the United States. If you move abroad, you can stay enrolled in Medicare, but it won't cover any healthcare services you receive. Likewise, if you're incarcerated, you can keep your Original Medicare coverage, but it won't be applied toward any of your healthcare costs, which will be covered by the penal institution. Medicare Advantage plans work a bit differently. These plans have regional service areas, and your home address determines which plans you're eligible for. If you move out of your county or state, it's possible that you'll no longer be in your plan's service area. If you have a Medicare Advantage plan and become incarcerated, the plan will consider you outside its service area and disenroll you. If this happens, you may be disenrolled from the plan. No longer meeting eligibility criteria If you're eligible for Social Security Disability Insurance (SSDI), you're also eligible for Medicare. Eligibility involves having a condition that: prevents you from working at the substantial gainful activity (SGA) level prevents you from working at the same level you once did is expected to last for at least a year or be fatal If you no longer meet the eligibility requirements for disability with the Social Security Administration, and you're younger than 65 years old, your Medicare coverage may be discontinued. However, if you have a qualifying disability but end up returning to work, you won't automatically lose your Medicare coverage, provided your disability persists. If you qualify for Medicare due to ESRD, your Medicare coverage will end 12 months after you stop receiving dialysis and 36 months after a successful kidney transplant. Depending on why you lost Medicare coverage, you can likely reinstate it. If you are disenrolled from Original Medicare, a Medicare Advantage plan, or a Part D plan due to nonpayment of the plan's premium, you'll have to wait until the Medicare open enrollment period to sign back up. However, if you go without Medicare coverage for an extended time, you may be responsible for paying late enrollment penalties after you do enroll. People who lost coverage due to leaving their plan's service area may be able to avoid late enrollment penalties by qualifying for a special enrollment period (SEP). SEPs allow people to enroll in coverage outside of traditional enrollment periods. If you have questions about reenrolling in Medicare after losing coverage, consider speaking with a Medicare representative about your situation or contacting your local State Health Insurance Assistance Program (SHIP). The information on this website may assist you in making personal decisions about insurance, but it is not intended to provide advice regarding the purchase or use of any insurance or insurance products. Healthline Media does not transact the business of insurance in any manner and is not licensed as an insurance company or producer in any U.S. jurisdiction. Healthline Media does not recommend or endorse any third parties that may transact the business of insurance.
Newsweek
21 hours ago
- Newsweek
Social Security Announces Major Change
Based on facts, either observed and verified firsthand by the reporter, or reported and verified from knowledgeable sources. Newsweek AI is in beta. Translations may contain inaccuracies—please refer to the original content. The Social Security Administration announced that it has added 13 conditions to its Compassionate Allowances (CAL) list on Monday. The added conditions aim to accelerate disability determinations for people with serious medical conditions, the agency said in a press release. Why It Matters The CAL initiative was designed to fast-track claims for applicants whose diagnoses clearly met Social Security's statutory standard for disability. More than 1.1 million applicants have been approved through the accelerated pathway since CAL began, according to the SSA press release. What To Know The expansion increased the total number of conditions on the CAL list to 300, which the SSA said would help the agency reach decisions more quickly for applicants with specific, severe diseases and conditions. The 13 conditions added in the Monday announcement include: Au-Kline Syndrome Bilateral Anophthalmia Carey-Fineman-Ziter Syndrome Harlequin Ichthyosis – Child Hematopoietic Stem Cell Transplantation LMNA-related Congenital Muscular Dystrophy Progressive Muscular Atrophy Pulmonary Amyloidosis – AL Type Rasmussen Encephalitis Thymic Carcinoma Turnpenny-Fry Syndrome WHO Grade III Meningiomas Zhu-Tokita-Takenouchi-Kim Syndrome According to the SSA, when applicants submit medical evidence indicating a CAL condition, the agency can identify and prioritize those claims using advanced tools. The CAL list was first introduced to reduce waiting times for applicants with clearly disabling conditions, and the SSA said the program remains fully policy-compliant while speeding determinations for eligible claimants. File photo of a Social Security Administration office in Washington, D.C. File photo of a Social Security Administration office in Washington, D.C. SAUL LOEB/AFP via Getty Images What People Are Saying SSA Commissioner Frank Bisignano, in a statement: "We are constantly looking for ways to improve our disability programs and serve the public more effectively. By adding these 13 conditions to the Compassionate Allowances list, we are helping more people with devastating diagnoses to quickly receive the support they need. This is part of our broader commitment to making the disability determination process as responsive and compassionate as possible." Alex Beene, a financial literacy instructor for the University of Tennessee at Martin, told Newsweek: "This is certainly welcome news for Americans who have any of the 13 added conditions to the list of those that now qualify for expedited consideration under the Compassionate Allowances List the administration provides. For some disability benefits under SSA, wait times can be lengthy in order for the administration to verify the potential beneficiary's condition and determine the next steps." Kevin Thompson, the CEO of 9i Capital Group and the host of the 9innings podcast, told Newsweek: "While claims still have to go through the traditional process, the agency is now using advanced technology to speed things up. If you're diagnosed with something on the Compassionate Allowances list, your claim could be processed much faster." What Happens Next The SSA encourages applicants to apply online at if they believe they have a CAL condition. "Long term, this could mean fewer delays and less financial strain for those facing serious medical conditions, but it also puts pressure on Social Security to keep up with technology and ensure the system remains fair and accurate," Thompson said.
Miami Herald
3 days ago
- Miami Herald
In letter, US senators admonish UnitedHealth after second major cyberattack in a year
Another major computer breach involving UnitedHealth Group has prompted two U.S. senators this week to query the health care giant about the adequacy of its cyber defenses. Episource, a UnitedHealth subsidiary, had its systems hacked last winter, exposing the data of 5.4 million people. The cyberattack appears to be the second-largest U.S. health care hack this year and follows a record-breaking breach in February 2024 of another United subsidiary, Change Healthcare. The Change cyberattack is regarded as the largest ever U.S. health care hack. It affected the data of 190 million people - about half the country's population. "The recently reported hack of Episource, a subsidiary of UnitedHealth Group (UHG), raises significant questions about UHG's efforts to safeguard patient information," Sen. Bill Cassidy, R-La., and Sen. Maggie Hassan, D-N.H., wrote Monday to UnitedHealth CEO Stephen Hemsley. "We have seen the recent threat that hostile actors, including Iran may pose on health care entities and UHG's repeated failures to protect against such attacks jeopardizes patient health." The senators asked UnitedHealth to respond by Aug. 18. In a statement, the company said: "We are in receipt of the senators' letter and look forward to providing them the information they requested." Eden Prairie-based UnitedHealth is one the nation's largest companies and the biggest U.S. health insurer. Episource, like Change Healthcare, is part of the company's Optum group, which runs clinics, manages pharmacy benefits and provides other services to health care companies. California-based Episource specializes in health care technology and data services. Its customers include medical providers and health care plans. Episource said in a statement that it found "unusual activity in its computer systems" on Feb. 6. An investigation found that a "cybercriminal was able to see and take copies of some data" between Jan. 27 and Feb. 6. The breach didn't affect all of Episource's customers. Data that may have been compromised included contact information - names, addresses, phone numbers - and health insurance information such as "Medicaid-Medicare government payor ID numbers." Hackers also accessed health data – diagnoses, test results, medicines, treatment records – and to a limited extent, Social Security numbers, according to Episource. After completing its investigation, the company said it started notifying customers about the breach on April 23. Episource reported the hack to the U.S. Department of Health and Human Service on June 6, saying it affected 5.4 million people, according to the department's website. At the time, Episource said it was unaware of any misuse of the exposed data. In their letter to Hemsley, Hassan and Cassidy asked UnitedHealth for more information about the Episource hack and for updates on the company's handling of the Change Healthcare breach. Change Healthcare shut down its computer systems in February 2024 to contain the cyber debacle, throwing a wrench into the nation's health care system. When the hack hit, Change Healthcare processed a large share of all health care claims and payments in the U.S. - roughly 15 billion transactions annually. UnitedHealth's then-CEO Andrew Witty was compelled to testify before Congress in May 2024 about the breach. The hack has produced a storm of litigation, too, as heath care companies seek compensation from UnitedHealth for millions of dollars of alleged losses. More than 70 separate lawsuits against Change Healthcare have been consolidated in a multidistrict litigation case in federal court in Minnesota. Such cases are used in the federal court system for complex legal matters involving many separate but similar claims. Copyright (C) 2025, Tribune Content Agency, LLC. Portions copyrighted by the respective providers.
