McLaren Health Care Hit with Class Action Lawsuits Following Ransomware Attack


October 11, 2023

World map

A ransomware attack that exposed the personal health information (PHI) of 2.5 million McLaren Health Care patients could potentially result in multiple federal class action lawsuits for the company’s failure to protect patient records.

“This attack shows, once again, how susceptible our information infrastructure may be,” BankInfoSecurity reports Michigan state attorney general Dana Nessel as stating.

“Organizations that handle our most personal data have a responsibility to implement safety measures that can withstand cyberattacks and ensure that a patient’s private health information remains private.”

Takeaway: If a ransomware attack does not kill a business, the legal and regulatory fallout certainly could. The financial losses stemming from a ransomware attack can go far beyond incident response and recovery action.  

On average, a ransomware attack costs more than $4M. to fully remediate, but these estimates do not include potential losses from lawsuits and other tangential costs like damage to the brand, lost revenue, lost production from downed systems, and other collateral damage, such as Intellectual property and regulated data loss.

Most ransomware attacks today include data exfiltration prior to the encryption of systems. The stolen data is used as leverage to compel the victim to pay the ransom demand with the threat of releasing or otherwise exposing the data if payment is not made.

These “double extortion” schemes may also involve the demand for an additional ransom payment to ensure the data is not leaked or sold on the dark web. The exposure of this data in ransomware attacks is more often leading to lawsuits, some reaching class-action status.

Current solutions available in the market, while robust and effective for some threats, do not fully protect against ransomware attacks because they were built to detect malware variants in general, but were simply not designed to recognize ransomware.

Attackers are getting more proficient at automating aspects of the attack progression by exploiting known vulnerabilities for initial access, improving stealthy payload delivery, fine tuning evasion techniques, and exponentially improving encryption speeds, we will likely continue to see an escalation in attacks.

Organizations who handle sensitive and regulated data need to assure they are doing their due diligence in implementing the correct security controls and conducting regular assessments and tabletop exercises.

Ransomware is a multi-billion-dollar industry that is growing at an astounding pace – if you think your organization is immune, you might be headed for an unpleasant surprise. is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile (PDF).