MHC A.I CyberSecurity Scoring
MHC
Company Information
Website:http://www.mclaren.org
Employees number:9,128
Number of followers:33,548
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:mclaren.org
MHC Risk Score (AI oriented)
Between 0 and 549
MHCHospitals and Health Care
Updated:
29/03/2026
29/03/2026
415/1000
Critical
C
MHC Global Score (TPRM)
xxxx
MHCHospitals and Health Care
Score locked

MHCCritical
Current Score
415C (CRITICAL)
01000
5 incidents
0 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
445
JUNE 2026
442
MAY 2026
425
APRIL 2026
425
MARCH 2026
415
FEBRUARY 2026
402
JANUARY 2026
398
DECEMBER 2025
381
NOVEMBER 2025
378
OCTOBER 2025
368
SEPTEMBER 2025
357
AUGUST 2025
346
AUGUST 2024
194
Cyber Attack
08 Aug 2024 • MHC
McLaren Health System: McLaren Health hit by criminal cyber attack
McLaren Health System Hit by Second Cyberattack in a Year, Disrupting Operations Across 13 Facilities
177
CRITICAL-17
MCL1774745246
McLaren Health System Hit by Second Cyberattack in a Year, Disrupting Operations Across 13 Facilities
McLaren Health System confirmed that a criminal cyberattack caused a technology disruption earlier this week, affecting all 13 of its facilities, including locations in northern Michigan such as Petoskey and Cheboygan. The incident marks the second attack on the health system in 12 months, though officials stated the two events are unrelated.
The disruption began Monday, with phones and computers going offline. While McLaren’s IT team, alongside external cybersecurity experts, continues to investigate the attack and mitigate its impact, it remains unclear whether patient or employee data was compromised. Patients have been advised to attend scheduled appointments but to bring copies of their medical information as a precaution.
This latest breach follows a ransomware attack in August 2023, for which the BlackCat/AlphV gang claimed responsibility. The group alleged it stole 6 terabytes of data, including the personal information of 2.5 million patients. The incident reflects a broader trend of escalating cyber threats against healthcare providers. According to the U.S. Department of Health and Human Services, cyberattacks on hospitals and health systems surged by 93% from 2018 to 2022, with ransomware-related breaches increasing by 278%. Such attacks have led to care disruptions, patient diversions, and delayed medical procedures, posing risks to patient safety.
Healthcare systems remain prime targets for cybercriminals due to the vast amounts of sensitive data they store, including medical records, financial details, and personally identifiable information. McLaren issued an apology for the inconvenience caused by the attack, acknowledging the disruption to patients, families, and visitors.
INCIDENT DETAILS -
TYPE
IMPACT
REFERENCES
AUGUST 2024
423
Ransomware
01 Aug 2024 • MHC
McLaren Health Care and Karmanos Cancer Institute
McLaren Health Care and Karmanos Cancer Institute Data Breach
191
CRITICAL-232
MCL600062425
A ransomware attack between July and August 2024 affecting McLaren Health Care and Karmanos Cancer Institute has resulted in a data breach affecting nearly 750,000 people. Hackers stole data including Social Security numbers, health insurance information, driver's license details, names, and medical data. The breach was linked to the INC ransomware gang. The attack disrupted IT and phone systems, leading to cancellations and rescheduling of surgeries, appointments, and treatments. Affected individuals are being offered a year of free credit monitoring.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2023
412
Breach
01 Nov 2023 • MHC
McLaren Health Care
McLaren Health Care Data Breach
337
CRITICAL-75
MCL120121123
McLaren Health Care (McLaren) suffered a data breach that exposed almost 2.2 million people's sensitive personal data.
When the corporation saw unusual activity, it promptly hired outside forensic specialists to assist with the investigation.
McLaren discovered that during the unauthorised actor's access, they were able to obtain specific data that was kept on the network.
McLaren conducted a comprehensive examination of the potentially affected files as part of an ongoing inquiry to find out if any sensitive material was there.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
JULY 2023
568
Ransomware
01 Jul 2023 • MHC
McLaren Health Care
McLaren Health Care Data Breach
372
CRITICAL-196
MCL601062325
McLaren Health Care suffered a data breach in July 2024 caused by the INC ransomware gang, impacting 743,000 patients. The attack was discovered on August 5, 2024, but forensic investigations were completed on May 5, 2025. The breach involved an IT and phone systems outage, affecting patient databases. Full names were exposed, but the full extent of the data breach remains unclear. This is the second major breach for McLaren, with the previous one in July 2023 by the ALPHV/BlackCat ransomware group affecting 2.2 million people.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JANUARY 2023
776
Ransomware
01 Jan 2023 • MHC
McLaren Health Care: McLaren Health Care to pay $14M in data breach class action settlement
McLaren Health Care Ransomware Breaches
544
CRITICAL-232
MCL1771014385
McLaren Health Care Settles $14M Over 2023-2024 Ransomware Breaches Affecting 2.8 Million Patients
McLaren Health Care, a Michigan-based healthcare provider operating 12 hospitals, has agreed to a $14 million settlement following two ransomware attacks in 2023 and 2024 that exposed the personal and medical data of approximately 2.8 million patients. The breaches compromised sensitive information, including names, Social Security numbers, birthdates, health insurance details, and medical records.
The settlement, preliminarily approved by Genesee County Circuit Court Judge Chris B. Christenson on December 15, establishes a fund to cover credit monitoring, identity theft protections, reimbursements for documented losses (up to $5,000), and additional cash payments for affected individuals. U.S. residents impacted by the breaches must file a claim by April 29 to receive benefits. A final approval hearing is scheduled for April 21.
While McLaren denied any wrongdoing, the organization stated the settlement allows it to refocus on patient care and strengthen its cybersecurity measures. The 2024 attack disrupted clinical systems and electronic medical records for three weeks, prompting the company to confirm a criminal cyber intrusion after detecting suspicious activity. The Michigan Attorney General’s office previously linked the 2023 breach to the ALPHV (BlackCat) ransomware group.
A court-approved website, [MHCCSettlement.com](https://MHCCSettlement.com), has been set up for claim submissions and settlement details.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for MHC ??
What was MHC's A.I Rankiteo Cyber Score in June 2026 ??
What was MHC's A.I Rankiteo Cyber Score in May 2026 ??
What was MHC's A.I Rankiteo Cyber Score in April 2026 ??
What was MHC's A.I Rankiteo Cyber Score in March 2026 ??
What was MHC's A.I Rankiteo Cyber Score in February 2026 ??
What was MHC's A.I Rankiteo Cyber Score in January 2026 ??
What was MHC's A.I Rankiteo Cyber Score in December 2025 ??
What was MHC's A.I Rankiteo Cyber Score in November 2025 ??
What was MHC's A.I Rankiteo Cyber Score in October 2025 ??
What was MHC's A.I Rankiteo Cyber Score in September 2025 ??
What was MHC's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on MHC's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with MHC ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view MHC's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?