A significant ransomware attack has targeted Managed Care of North America (MCNA) Dental, one of the largest dental health insurers in the United States, compromising the personal information of nearly nine million individuals. The Atlanta-based company discovered unauthorized activity in its computer system on March 6, revealing that a hacker had gained access to and made copies of certain information between February 26 and March 7, 2023.
The stolen data includes a wealth of personal details belonging to patients, such as names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver’s licenses or other government-issued ID numbers. Additionally, the hackers obtained health insurance data, including plan information, Medicaid ID numbers, and billing and insurance claim information. Some of the compromised data also pertained to parents, guardians, or guarantors, implying that the personal information of children may have been exposed.
MCNA Dental reported the breach to Maine’s attorney general, revealing that over 8.9 million clients were affected by the cyberattack. This incident now stands as the largest health information breach of 2023, surpassing the PharMerica breach, which impacted nearly six million patients.
MCNA Dental completed its review to determine the extent of the compromised data on May 3, almost two months after the attack. However, the company has not provided additional details about the incident, and a spokesperson declined to respond to inquiries from TechCrunch.
The LockBit ransomware group has claimed responsibility for the attack and asserts that it has released all the exfiltrated files from MCNA Dental after the company refused to pay a $10 million ransom demand. A listing on LockBit’s dark web leak site indicates that the ransomware gang stole approximately 700GB of data during the breach.
Samples of the leaked data substantiate the hackers’ access to sensitive information, including patients’ personal data and insurance details.
LockBit is a ransomware gang associated with Russia that first emerged in September 2019. In recent months, the group has targeted several high-profile victims, including the Royal Mail in the UK, financial software company Ion Group, and California’s Department of Finance.
LockBit ransomware gang suffered a setback in November when Canadian authorities arrested Mikhail Vasiliev, one of its alleged leaders. The US government followed up on this success in March by indicting a Russian national believed to be a key figure in the group.
The arrests are a significant blow to the LockBit ransomware gang, which has been responsible for some of the most high-profile ransomware attacks in recent years. The group has demanded millions of dollars in ransom payments from its victims, and its attacks have caused significant disruption to businesses and organizations around the world.
The arrests are a sign that law enforcement is taking a more aggressive approach to ransomware attacks. In recent years, there have been a number of high-profile arrests of ransomware operators, and the US government has also imposed sanctions on ransomware groups.
The arrests are a positive development, but it is important to remember that ransomware is a serious threat. Businesses and organizations should take steps to protect themselves from ransomware attacks, such as using strong passwords, backing up data regularly, and implementing security best practices.