Michigan’s McLaren Health Care confirms cyberattack, asks for ‘patience’

• McLaren Health Care is the latest of Michigan’s large health systems to fall victim to a cyberattack
• The system acknowledged ‘limited access to our systems’ forcing the rescheduling — as a precaution — of some appointments, tests, and treatments
• Patients are asked to report as scheduled to appointments and bring printed information with them, including a list of medications and allergies

McLaren Health Care confirmed Wednesday that the technology “disruption” it reported Tuesday was actually a result of a criminal cyberattack.

As it investigates, the chain’s facilities remain “largely operational,” the $6.6 billion Grand Blanc-based system reported in a statement Wednesday.

“Our information technology team continues to work with external cyber security experts to analyze the nature of the attack and mitigate the impacts of the threat actors,” the statement read, adding that it was unclear whether hackers breached patient or employee data.

The hospital chain continues to operate “several information technology systems” as part of “downtime procedures while we work to fully restore functionality to our system.”

On Monday, staff were able to quickly toggle from electronic medical records to paper charting because of previous training for “downtime procedures,” said Betsy Lehner, president of Office and Professional Employees International Union (OPEIU), Local 459. The chapter represents about 1,000 nurses, lab employees, environmental services and maintenance workers at McLaren.

A registered nurse herself, Lehner said the McLaren has backup computers at the ready as well as boxes of paper medical forms in triplicate, allowing doctors and nurses to chart and send copies to the pharmacy and others, she said.

That, “and a ton of teamwork” has mitigated any disruption to patient services, she said, adding “we have experienced nurses that have paper-charted for a lot of their careers.”

Moreover, medical staff are conditioned to fast-changing workplace realities, she said.

“Nursing, medical care — it’s a stressful job because things can change quickly. A patient can go from talking, breathing, and heart-beating to suddenly not, so we learn to adapt because we have to,” she said.

The system provided few other details about the attack and declined interviews. Dave Jones, a spokesperson, said only that the problems began Monday.

Related:

• Michigan Medicine latest health care system to be hit by cyberattack
• Cyberattack on Ascension Michigan, other sites, began with ‘honest mistake’
• Global technology outage impacts flights, health care systems in Michigan

McLaren, which operates 13 Michigan hospitals and includes Karmanos Cancer Institute, has 28,000 full- and part-time and contracted employees and connections to providers in Michigan, Indiana and Ohio, according to its website.

The confirmation of another cyberattack comes just three months after a ransomware attack on the St. Louis-based Catholic health-care giant Ascension, which operates 15 Michigan hospitals. 

That attack — which the chain later said it connected to a malicious file and an “honest mistake” — took down information systems, cut off access to patient portals, forced the rerouting of some patients to other hospitals, shut down much of the pharmacy operations, and hobbled the system for months.

It was not immediately clear whether Ascension had fully recovered from the attack by the time McLaren realized it, too, had been victimized.

Ascension’s latest public update, dated June 14, maintains that electronic health record access has been “restored across our ministries,” but it also acknowledges that the “investigation into this incident is ongoing, along with the remediation of additional systems.”

Ascension has declined to speak publicly about its cyber breach and did not respond to Bridge Michigan’s request for comment on Wednesday.

Ascension and McLaren don’t stand alone as cyber targets.

In June, a hacker “impersonated a company employee” at Rite Aid — which is currently shutting down dozens of Michigan stores — to gain access to its “business systems,” the store chain reported. Last month, hackers were able to access information — via email accounts — at Michigan Medicine, part of University Michigan. 

What patients should do 

McLaren’s breach became publicly apparent Tuesday when the system released a brief statement noting what it called “a disruption to our information technology system.”

For now, patients should appear for scheduled appointments unless they are contacted by McLaren staff and instructed otherwise. Some non-emergency or elective procedures may be postponed.

McLaren is requesting patients bring the following information to appointments: 

• A list of current medications or empty prescription bottles
• Printed physician orders for imaging studies or treatments 
• A list of allergies
• Printed results of recent lab tests from the McLaren Health Care’s patient portal, McLaren Caro Region’s patient portal, McLaren Thumb Region’s patient portal or the patient portal for Karmanos.

“We understand this situation may be frustrating to our patients — and to our team members — and we deeply and sincerely apologize for any inconvenience this may cause,” according to a statement released by the system Tuesday.

“We kindly ask for your patience while our caregivers and support teams work as diligently as ever to provide our communities the care they need and deserve,” it read.