Malware
“Breaking News: Massive MCNA Dental Ransomware Attack Affects 8.9 Million Patients’ Data – Are You One of Them?”
MCNA Dental, one of the largest dental insurance providers in the US, has suffered a massive data breach that has impacted 8.9 million people. The breach occurred after a ransomware attack on the company’s IT systems. The attackers have reportedly stolen sensitive personal and medical information, including names, addresses, birth dates, and Social Security numbers. The company is currently investigating the incident and has offered free credit monitoring services to affected individuals.
IT Services that manages Medicaid and CHIP dental care and oral health insurance, Managed Care of North America (MCNA) Dental, recently published a notification on their website regarding a data breach that compromised the personal data of almost 9 million patients.
The company became aware of unauthorized access to its computer systems on March 6th, 2023, with an investigation revealing that the hackers first gained access to MCNA’s network on February 26th, 2023.
During that time, the hackers stole data that contained sensitive information for almost nine million patients, which included full names, addresses, dates of birth, phone numbers, emails, social security numbers, driver’s license numbers, government-issued ID numbers, health insurance information, care information for teeth or braces, and bills and insurance claims. The breach impacted 8,923,662 people, including patients, parents, guardians, or guarantors.
The notification filed with the Office of the Maine Attorney General stated that IT Services had already taken the necessary steps to remediate the situation and enhance the security of its systems to prevent similar incidents from happening in the future. They have also contacted law enforcement authorities to help prevent the misuse of the stolen information.
However, since IT Services does not have current addresses for everyone impacted, not every individual will receive a notice. As a substitute, the organization published a notice on IDX, which will stay online for 90 days. The notice also includes an extensive list of over a hundred healthcare providers indirectly impacted by this incident. However, it is unclear if those entities will publish separate notices of the breach.
LockBit ransomware gang claimed responsibility for the cyberattack on MCNA on March 7th, 2023. The group published the first data samples stolen from the healthcare provider and threatened to publish 700GB of sensitive, confidential information they exfiltrated from MCNA’s networks unless they were paid $10 million. On April 7th, 2023, LockBit released all data on its website, making it available for download by anyone.
Since the data is likely in the hands of other threat actors, all impacted users must monitor their credit reports for fraudulent activity and signs of identity theft. Additionally, users should be cautious of targeted phishing emails that use the leaked data to trick recipients into revealing further sensitive information, such as credentials.
IT Services has enclosed instructions in the notices sent to impacted individuals on how to receive 12 months of free identity theft protection and credit monitoring service through IDX.