Ransomware attack exposes sensitive data for nearly 9 million dental patients

The attack on MCNA is the largest health breach this year.

Andras Vas on Unsplash

A recently disclosed ransomware attack has compromised some particularly sensitive medical data. Dental insurer Managed Care of North America (MCNA) reports that an intruder accessed and took copies of informationpatients between February 26th and March 7th of this year, including addresses, Social Security numbers, driver's licenses and insurance data. Some of the info belonged to parents, guardians and guarantors (people who pay bills on others' behalf), MCNA says. A filing with Maine's Attorney General indicates that over 8.9 million people were affected.

The company hasn't identified the perpetrator. However, TechCrunch has learned that the Russia-based LockBit ransomware group is taking credit and says it has published all the files after MCNA refused to pay a $10 million ransom. Samples from the roughly 700GB of data appear to corroborate the claim.

MCNA is offering one year of free identity theft protection to affected customers. It's also advising clients to check their accounts and bills for anything unusual. The firm says it's the largest US insurer for government-backed plans for children and seniors, and its partners include New York City as well as numerous unions.

The tally makes this the largest health data breach in 2023 to date. Before now, the largest incident was a March breach at PharMerica that compromised info for nearly 6 million patients. MCNA is far from unique as a victim of ransomware, but the responses have varied across the industry. While some have refused to pay ransoms and have instead dealt with the repercussions, others have paid millions to reclaim their systems.

This also suggests that LockBit hasn't been deterred by recent crackdowns. Canadian police arrested alleged leader Mikahil Vasiliev in November, while the US charged a Russian national in March. However, the cybercrime outfit has also been attached to high-profile attacks that include California's finance department and the UK's Royal Mail. Campaigns like this aren't likely to stop in the near future.