Nearly 9 million clients of Managed Care of North America (MCNA) Dental, a US government-sponsored dental care provider, were informed that their sensitive and private personal and medical data may have been exposed in a ransomware attack earlier this year. In a post on its website, MCNA said it became aware of a cyberattack that occurred between February 26 and March 7, in which hackers successfully lifted sensitive data from its computer systems. The Atlanta-based healthcare organization is one of the largest providers of government-sponsored dental care and oral health in the country.
According to a data breach notification filed with the Maine Attorney General, the breach affected more than 8.9 million MCNA clients. LockBit ransomware attacked MCNA’s systems and demanded $10m in ransom. When MCNA refused the payment, LockBit threatened to leak 700GB of stolen data. On April 7, the group made good on that promise and released all of the data on its website for anyone to download.
The stolen information included sensitive data, such as client names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver’s licenses or other government-issued ID numbers. Also included was information about clients’ health insurance, including plan information, insurance company, member number, Medicaid-Medicare ID numbers, and what type of care they received from their provider, as well as bill and insurance claim information. The data may include information about parents, guardians, or guarantors of someone receiving service through the agency.
MCNA sent notices to clients whose information may have been involved in the breach. The notice will remain active for 90 days to inform clients whose addresses MCNA does not have and who thus cannot be informed through the mail. To protect clients affected by the breach, MCNA is offering them an identity theft protection service for one year.
LockBit is one of the more prolific ransomware gangs currently active on the scene. The group has made a name for itself by targeting high-profile victims, such as SpaceX and security giant Entrust. LockBit employs double-extortion ransomware, using auto-propagating malware and double-encryption methods that show a level of sophistication.
Double-extortion attacks, which result in data leaks that can harm both companies and their clients in the long run, have changed the rules of the game when it comes to paying ransom. Some experts now advise organizations to consider various factors before deciding whether or not to pay a ransom, and say that in some cases it might benefit them more in the long run to give in to attackers’ demands.
Organizations can protect themselves against ransomware attacks by shoring up their overall security defense posture in myriad ways, including implementing secure passwords and multifactor authentication (MFA), so systems aren’t breached in the first place. They should also put up strong controls to defend against phishing attacks, as attackers often use credentials stolen in this way to gain initial access to a network to deploy ransomware, experts said.
With the number of ransomware attacks on the rise and the seriousness of their consequences growing, it is increasingly important for organizations and individuals to take proactive measures in securing their systems and data. In a world where cyberattacks are inevitable, prevention is key to minimizing the damage caused by hackers.