MCNA Dental, a major US dental health insurance provider, was hit by a suspected ransomware attack in one of the largest health data breaches of 2023. The breach exposed over nine million Americans’ personal data, raising concerns about data security and fraud.
Atlanta-based MCNA Dental, known for serving government-sponsored programs for children and elders, revealed that a hacker had accessed their computer system between February 26 and March 7, 2023.
The attacker viewed and copied patients’ names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, government-issued ID numbers, health insurance plans, Medicaid IDs, bills, and claim data.
The Maine attorney general informed 8.9 million MCNA Dental clients of the incident. Following another large data loss at PharMerica, this event highlights the healthcare sector’s alarming vulnerability to personal data breaches.
On May 3, 2023, approximately two months after the cyberattack, MCNA Dental completed its investigation of the incident. However, the corporation has not provided any information about the breach, leaving affected parties unsure and concerned.
When MCNA Dental refused to pay the $10 million ransom, LockBit ransomware claimed responsibility. LockBit boldly leaked 700GB of exfiltrated data on their dark web leak site. This example shows how ransomware groups intimidate and coerce enterprises into complying.
Since September 2019, the Russian-linked ransomware gang LockBit has been operating. They’ve attacked Royal Mail, Ion, and California’s Department of Finance in recent months.
The arrest of one of the gang’s leaders, Mikhail Vasiliev, a dual Russian-Canadian national, in Canada last November and the US indictment of a Russian accused of leading LockBit ransomware in March have revealed the global scope and sophistication of these cybercriminal operations.
The MCNA Dental incident highlights the essential need for healthcare cybersecurity. Identity theft, financial fraud, and other harmful exploitation result from massive data theft.
To reduce cyberattack risk, firms that handle sensitive personal data must invest in cutting-edge security technologies, undertake vulnerability assessments, and emphasize employee training.
To tackle escalating cybercrime, governments, and regulatory agencies must implement strict data protection legislation and encourage public-private partnerships.
As the repercussions of this hack unfold, organizations and individuals must be cautious and take the appropriate safeguards to protect sensitive data in an increasingly digital world with evolving cyber threats.