A Year Later, McLaren Health Notifies Customers of Data Breach Affecting Over 743,000
McLaren Health Care on Friday notified customers of a data breach in its computer systems last summer that may have exposed the personal data of 743,131 people.
McLaren identified suspicious activity related to computer systems on August 5, 2024, and "immediately activated ... emergency response processes," it said in a letter to impacted individuals. It also launched an investigation, along with third-party forensic specialists, to "secure our network and to determine the nature and scope of the activity."
The investigation found that unauthorized access to McLaren's network occurred between July 17 and Aug. 3, 2024. The forensic review, which finished on May 5, 2025, revealed the potentially exposed files included Social Security numbers, health insurance information, driver's license numbers and medical information.
Although McLaren did not notify customers about the incident until June 20, 2025, the letter said that "following the cybersecurity attack, updates were provided on the mclaren.org and karmanos.org pages and a call center was established to answer questions from our patients and our communities." Karmanos is a cancer care and research center that is part of McLaren.
The notification letter didn't mention the number of people impacted. The Maine Attorney General's Office reported that 743,131 people were affected, including 25 state residents.
In response to the incident, McLaren said it is offering identity theft protection services and 12 months of credit monitoring to those potentially impacted.