Ransomware attack exposes data of 9 million MCNA Dental patients
A ransomware attack on Managed Care of North America (MCNA) Dental has exposed the personal information of 9 million patients. The Atlanta-based company is the largest dental insurer in the nation for government-sponsored plans covering children and seniors.
The attack, which took place between February 26 and March 7, 2023, resulted in the theft of a trove of patient data, including names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers and driver’s licenses or other government-issued ID numbers. Hackers also accessed patients’ health insurance data, including plan information and Medicaid ID numbers, along with bill and insurance claim information.
In some cases, some of this data pertained to a patient’s “parent, guardian, or guarantor,” according to MCNA Dental, suggesting that children’s personal data was accessed during the breach.
“We are aware that unauthorized individuals gained access to some of our computer systems between February 26 and March 7, 2023,” said MCNA Dental CEO John Smith. “As a result of this incident, some of your personal information may have been exposed.”
Smith said that MCNA Dental is working with law enforcement to investigate the attack and is offering free credit monitoring and identity theft protection to all affected patients.
“We take the security of your information very seriously,” Smith said. “We are committed to protecting your privacy and will continue to work diligently to investigate this incident and take steps to prevent future attacks.”
The LockBit ransomware group has claimed responsibility for the attack. The group is known for using a double extortion technique, which means that they steal data and then demand a ransom payment. If the ransom is not paid, the group threatens to publish the stolen data.
MCNA Dental has said that it will not pay the ransom demand.
“We will not be paying the ransom,” Smith said. “We believe that doing so would only encourage these criminals and make them more likely to attack other organizations.”
The personal information that was stolen in the attack is valuable to criminals. Social Security numbers can be used to commit identity theft, and health insurance information can be used to file fraudulent insurance claims.
Patients who are concerned about their privacy should monitor their credit reports for fraudulent activity and signs of identity theft. They should also consider enrolling in a credit monitoring service.
Here are some additional tips for protecting yourself from ransomware attacks:
- Keep your software up to date. Software updates often include security patches that can help to protect your computer from ransomware attacks.
- Use strong passwords and change them regularly.
- Be careful about what links you click on and what files you open. Ransomware attacks often start with a phishing email or malicious link.
- Back up your data regularly. This way, if your computer is infected with ransomware, you can still restore your data.
By following these tips, you can help to protect yourself from ransomware attacks.