INC Ransomware targets McLaren Health Care Hospitals

Cybersecurity Platform

The perpetrators behind recent ransomware attacks seem to lack any sense of empathy or concern for human lives, as their actions jeopardize patient care by disrupting hospital treatments through cyber-attacks.

The latest group to make headlines is the INC Ransomware, which has compromised the IT systems of McLaren Health Care Hospitals. This network of hospitals, which includes over 13 facilities across Michigan and employs more than 640 physicians, is now grappling with the fallout of this cyber incident.

McLaren Health Care has confirmed that it has fallen victim to a ransomware attack and has announced that updates will follow once their investigation is complete. In the interim, hospital IT staff have advised doctors and medical personnel to handle patient care and analyses manually while efforts are underway to restore digital systems. Some operations and emergency services are being redirected to other hospitals or delayed as a result.

Initially, the disruption was thought to be a Distributed Denial of Service (DDoS) attack. However, it was later determined that certain data on the hospital’s servers had been encrypted, and the responsible party is identified as the INC Ransomware group.

McLaren is urging patients to remain calm and is instructing hospital staff to provide the highest level of care possible despite the ongoing issues.

McLaren Bay Region Hospital in Bay City received a ransom note early Wednesday, which also serves as a warning to other hospital networks to be vigilant and guard against similar attacks in the future.

INC Ransomware’s list of victims includes prominent entities such as Yamaha Motors Philippines, Xerox Business America, and Scotland’s National Health Service.

Over the past three months, some threat actors have been offering decryption keys for $10,000 on the dark web, including those related to the INC Ransomware. The availability and legitimacy of these keys, however, remain uncertain.

In July 2024, a threat actor known as ‘Salfetka’ claimed to have stolen and is selling the source code of INC Ransomware. Additionally, a leaked Telegram resource revealed the emergence of a new hacking group called Lynx Ransomware, which is reportedly connected to these developments.

For context, McLaren Health Care previously experienced a cyber attack in July-August 2023, resulting in a data breach that exposed patient information, including social security numbers, health insurance details, medical records, diagnostic results, and Medicare/Medicaid information. In October 2023, the BlackCat (also known as ALPHV) ransomware group publicly announced their breach of the hospital network.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display