Imagine waking up to the news that your personal information, including your social security number and health insurance details, has been compromised. That’s exactly what happened to nearly 9 million patients of MCNA Dental, one of the largest government-sponsored dental care and oral health insurance providers in the U.S.
On a Friday, we learned that unauthorized access to MCNA Dental’s computer systems was detected on March 6th, 2023. Further investigation revealed that the hackers had been inside MCNA’s network since February 26th, 2023.
During this time, the cybercriminals managed to steal sensitive data for almost nine million patients, including:
- Full name
- Address
- Date of birth
- Phone number
- Social Security number
- Driver’s license number
- Government-issued ID number
- Health insurance (plan information, insurance company, member number, Medicaid-Medicare ID numbers)
- Dental care history (visits, dentist name, doctor name, past care, x-rays/photos, medicines, and treatment)
- Bills and insurance claims
According to the notification filed with the Office of the Maine Attorney General, a staggering 8,923,662 people were affected, including patients, parents, guardians, or guarantors.
MCNA Dental has taken all the necessary steps to address the situation and improve the security of its systems to prevent similar incidents in the future. The company has also enlisted the help of law enforcement authorities in an attempt to prevent the misuse of the stolen information.
Impacted individuals have been provided with instructions on how to receive 12 months of free identity theft protection and credit monitoring service through IDX. However, not everyone will receive a notice due to MCNA not having current addresses for all affected individuals. As a result, a substitute notice on IDX has been published, which will remain online for 90 days.
The notice also contains a list of over a hundred healthcare providers indirectly impacted by this incident. It is unclear whether these entities will publish separate breach notifications.
The LockBit Ransomware Gang Strikes
The cyberattack on MCNA Dental was claimed by the LockBit ransomware gang on March 7th, 2023. They published the first data samples stolen from the healthcare provider and demanded a $10 million ransom in exchange for not releasing 700GB of sensitive, confidential information they claimed to have taken from MCNA’s networks.
Unfortunately, on April 7th, 2023, LockBit released all the data on its website, making it available for download by anyone.
As the data is now likely in the hands of other threat actors, all affected users must be vigilant in monitoring their credit reports for fraudulent activity and signs of identity theft. Furthermore, be cautious of targeted phishing emails that use the leaked data to trick you into revealing more sensitive information, such as credentials.
What You Can Do to Protect Yourself
As a business owner, this breach serves as a stark reminder of the importance of cybersecurity. The consequences of a cyberattack can be severe, both financially and in terms of your reputation. So, what can you do to safeguard your business and customers?
That’s where we come in. At ZZ Servers, we specialize in cybersecurity solutions tailored to your unique needs. Our team of experts will work with you to develop and implement robust security measures, ensuring that your business and customer data remain secure.
Don’t wait for a breach to happen. Reach out to us today to learn how ZZ Servers can help you protect your business from cyber threats and ensure the safety of your customers’ data.
