Lockbit ransomware attack on MCNA Dental impacts 8.9M individuals

Managed
Care
of
North
America
(MCNA)
Dental
disclosed
a
data
breach
that
impacted
more
than
8.9
million
individuals.

Managed
Care
of
North
America
(MCNA)
Dental
suffered
a
data
breach
that
impacted
8,923,662
patients.

MCNA
Dental
is
one
of
the
largest
US
dental
care
and
oral
health
insurance
providers.

The
security
breach
exposed
the
personal
information
of
current
or
former
provider
of
dental/orthodontic
care
to
members
of
certain
state
Medicaid
and
Children’s
Health
Insurance
Programs,
for
which
MCNA
provides
dental
benefits
and
services.

According
to
the notification filed
with
the
Office
of
the
Maine
Attorney
General,
the
company
discovered
unauthorized
access
to
its
computer
systems
on
March
6th,
2023,
and
immediately
launched
an
investigation
into
the
incident.

“On
March
6,
2023,
MCNA
became
aware
that
an
unauthorized
party
was
able
to
access
certain
MCNA
systems.
Upon
discovery
the
same
day,
MCNA
took
immediate
steps
to
contain
the
threat
and
engaged
a
third-party
forensic
firm
to
investigate
the
incident
and
assist
with
remediation
efforts.
MCNA
subsequently
discovered
that
certain
systems
within
the
network
may
have
been
infected
with
malicious
code.
Through
its
investigation,
MCNA
determined
that
an
unauthorized
third
party
was
able
to
access
certain
systems
and
remove
copies
of
some
personal
information
between
February
26,
2023
and
March
7,
2023.”
reads
the

data
breach
notification.
“MCNA
undertook
an
extensive
review
to
determine
what
data
may
have
been
impacted.
As
a
result
of
this
review,
which
was
completed
on
May
3,
2023,
it
appears
that
your
personal
information
may
have
been
involved.”

Stole
data
includes
demographic
information
to
identify
and
contact
patients,
such
as
full
name,
date
of
birth,
address,
telephone
and
email;
Social
Security
number;
driver’s
license
number
or
government-issued
identification
number;
health
insurance
information,
such
as
name
of
plan/insurer/government
payor,
member/Medicaid/Medicare
ID
number,
plan
and/or
group
number;
and
information
regarding
dental/orthodontic
care.
The
notice
states
that
not
all
data
elements
were
involved
for
all
individuals.

The
company
announced
that
it
has
already
taken
steps
to
mitigate
and
prevent
similar
security
breaches
in
the
future.

The
company
is
offering
the
impacted
individuals
12
months
of
free
identity
theft
protection
and
credit
monitoring
service
through
IDX.

“Although
we
are
unaware
of
any
actual
or
attempted
misuse
of
provider
information
as
a
result
of
this
incident,
we
encourage
you
to
carefully
review
credit
reports
and
statements
sent
from
providers
as
well
as
your
insurance
company
to
ensure
that
all
account
activity
is
valid.
Any
questionable
charges
should
be
promptly
reported
to
the
company
with
which
you
maintain
the
account.”

The
notice
doesn’t
provide
details
about
the
security
breach,
but
the

LockBit
ransomware
group
claimed
responsibility
for
the
attack.

The
ransomware
group
added
the
company
to
the
list
of
victims
on
its
Tor
leak
site
and
published
a
sample
of
the
stolen
data
as
proof
of
the
data
breach.

LockBit
threatened
to
publish
the
stolen
data
if
MCNA
would
have
not
paid
a
$10
million
ransom.

On
April
7th,
2023,
LockBit
released
all
stolen
data
on
its
leak
site.

Follow
me
on
Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, MCNA)

Share
On

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts