IT operations fully back online after attack

Restoration completed days ahead of schedule, but there is still a lot of catching up to do

Marianne Kolbasuk McGee (Health info security) • 27 August 2024

The nonprofit behind 13 hospitals and a network of cancer centers in Michigan said it restored its IT systems several days ahead of schedule following an Aug. 6 ransomware attack that forced it to turn away patients from its emergency room.

McLaren Health Care predicted earlier this month that a full IT recovery would not occur until September (see: McLaren Health expects the IT outage to last until August).

“With the return to normal operations, all temporary measures implemented during the hiatus have been lifted. Providers at all McLaren Health Care hospitals, Karmanos Cancer Centers and outpatient clinics have regained access to patients' electronic medical records,” McLaren Health said in a statement on Tuesday.

McLaren Health said all emergency departments are now open and will accept all patients arriving by ambulance.

Patients can also now schedule appointments at McLaren's outpatient diagnostic facilities, as well as general and specialist practices. In addition, all of McLaren's cancer centers and stroke care facilities are fully operational. Surgeries that were postponed during the ransomware-related outage are being rescheduled.

Clinical staff confirmed to Information Security Media Group that McLaren's IT systems, including EHRs, are up and running. “I worked 12 hours yesterday – it's back online,” a critical care nurse at a McLaren Health hospital told ISMG on Tuesday.

The nonprofit, based in Grand Blanc, Michigan, must still enter the patient data that was collected manually during the three-week outage. That process began over the weekend and is expected to take several weeks.

McLaren Health said it is still investigating whether patient or employee data was stolen in the attack. The attack prompted state agencies, including Michigan Attorney General Dana Nessel, to issue warnings to patients this month that the incident could potentially lead to identity theft and fraud (see: Officials warn of risks as McLaren recovers from attack).

The cybercriminal group Inc Ransom quickly claimed responsibility for the attack, which McLaren discovered on August 6.

Whether McLaren paid a ransom to the attackers in the latest incident to speed up the recovery “would be pure speculation,” said David Finn, executive vice president at security consultancy First Health Advisory. “Unless they tell us, there is not enough information to make fact-based speculation,” he said.

McLaren's three-week IT recovery from the cyber incident is faster than recoveries from ransomware attacks on similar companies, said Finn, who previously worked as a healthcare CIO. “I would say that was a pretty quick recovery for a system the size of McLaren.”

The incident is the second ransomware attack on McLaren within a year (see: McLaren Health hit by ransomware for the second time in a year).

Last fall, the Russian-speaking ransomware gang BlackCat/Alphv claimed to have stolen 6 terabytes of McLaren Health data, putting confidential information of more than 2 million patients at risk. McLaren Health has not publicly disclosed whether it paid a ransom to BlackCat (see: Group claims to have stolen data from 2.5 million patients in attack).