McLaren Health Care Data Breach Impacts Over 2.2 Million Individuals

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

Michigan-based healthcare provider ,McLaren, confirmed the data breach incident, claimed last month by the notorious ransomware gang, BlackCat (also known as ALPHV).

First identified around August 22, 2023, the incident is said to have impacted more than 2.2 million people. Its discovery led to the launch of an investigation which revealed that unauthorized actors had infiltrated its system and accessed certain information stored therein, between July 28, and August 23, 2023.

The third-party assisted investigation of impacted files not only revealed the type of information stolen but also the level of exposure suffered by impacted individuals. ‘’It was through this process, which concluded on October 10, 2023, that we determined that information pertaining to you may have been included in the potentially impacted files,’’ the notification revealed .

The information which varied by individuals included the names, social security numbers, birth, and health insurance details. Medical records like physician, medication, diagnosis, treatment, Medicare/Medicaid, and billing or claims information, as well as medical record number.

McLaren Health Care stated that no evidence was found of any misuse of stolen data by the hackers. However, one cannot negate the possibility of the data being sold on the dark web for nefarious purposes including, identity theft, phishing attacks, insurance, or medical frauds, etc.

In addition to securing its network, the healthcare provider has informed the concerned US authorities and notified the impacted people through emails about the incident. It is also offering a 12-month free identity theft protection services through IDX to the concerned individuals.

‘’While there is currently no evidence that your information has been misused, we recommend that you remain vigilant, monitor and review all of your financial and account statements and explanations of benefits, and report any unusual activity to the institution of record and to law enforcement,’’ McLaren advised.

The breach first came to notice when ALPHV claimed responsibility for the attack in the first week of October, and published sample data sets on its blog.

Security Review Badges for Android VPN Apps on Play Store

• Written by Shipra Sanganeria Cybersecurity & Tech Writer

The growing need for digital privacy and security has led Google to introduce an Independent Security Review badge for Play Store apps. Found in the Data safety section of Android apps, the badge is displayed for apps that have passed the Mobile Application Security Assessment ( MASA ) audit.

Introduced last year by the App Defense Alliance (ADA), MASA allows developers to have their apps independently reviewed against a global security standard . The requirements to meet minimum security and privacy standards include data storage and privacy, authentication and session management, cryptography, network communication, platform interaction, and code quality.

When displayed, the badge not only declares the developers’ commitment to user security, but also promotes transparency, thus, enabling users to make more informed choices.

However, a user needs to keep in mind that the certification to baseline security standards does not ensure that the app is free of vulnerabilities. It only helps ‘’users see at-a-glance that a developer has prioritized security and privacy practices and committed to user safety,’’ the post stated .

Starting with VPNs, Google will display this Play store banner in the Data Safety section. “We’ve launched this banner beginning with VPN apps due to the sensitive and significant amount of user data these apps handle,” Android Security and Privacy Team’s Nataliya Stanetsky said.

Many VPNs make claims about maintaining user anonymity and following a no-log policy, and to support these claims, some even undergo third-party audits. However, to secure this badge, they also need to conduct the MASA review from a list of approved security partners.

The VPN companies that have already undergone the audit and received the badge include ExpressVPN, NordVPN, Private Internet Access, and SkyVPN .

Google continues to encourage other VPN providers to submit a form for independent security review, thus promoting greater transparency on its Play Store.