Dental insurance provider hit by LockBit ransomware attack affecting 8.9M customers

Massive data breach exposes personal information of dental insurance customers

The information of almost 9 million MCNA customers leaked by ransomware gang

Managed Care of North America (MCNA) Dental, the nation's largest dental insurer for state-sponsored Medicaid and CHIP programs, has suffered a major data breach that has compromised the personal information of nearly 9 million patients. The breach was caused by a ransomware attack launched by the notorious LockBit ransomware group on MCNA Dental's computer systems between February 26 and March 7, 2023. Patients' names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver's license numbers are among the sensitive details stolen.

LockBit ransomware group takes responsibility and demands a $10 million ransom

The LockBit ransomware group claimed responsibility for the cyberattack on MCNA Dental on March 7, 2023. The hackers threatened to release 700GB of private patient data unless a $10 million ransom was paid. Unfortunately, on April 7, LockBit published all of the stolen data on its website, making the threat a reality. As a result, MCNA Dental promptly notified[1] affected customers and relevant authorities, including Maine's Attorney General, of the scope of the breach.

Extensive impact and mitigation measures by MCNA Dental

MCNA Dental has confirmed that the breach has affected an astounding 8,923,662 people, though only 101 of them are Maine residents. The dental insurance company is concerned about the widespread consequences of the breach, which has affected states such as Arkansas, Florida, Idaho, Kentucky, and New York, as well as other organizations.

To assist affected customers, MCNA Dental has offered to pay for a year's worth of identity theft protection services. Furthermore, because it currently lacks the postal addresses of all affected customers, the company will keep the data breach notice on its website for at least 90 days. It advises people to closely monitor their bills and accounts for any suspicious activity.

LockBit ransomware gang's ongoing criminal activities

LockBit is a well-known ransomware gang with a long record of criminal activity. In recent months, security researchers have discovered a new variant of LockBit that specifically targets Apple's Mac computers. The group has also targeted a supplier of SpaceX,[2] Elon Musk's space exploration company.

In addition, LockBit launched a bug bounty program,[3] in which individuals are encouraged to provide information about unknown vulnerabilities in websites in exchange for rewards. The group's extensive track record demonstrates the critical need for improved cybersecurity measures in a variety of industries.

MCNA Dental is concerned about the data breach and has hired a third-party forensics firm to investigate and mitigate the situation. On May 3, 2023, the investigation concluded, revealing the full extent of the accessed and exfiltrated data. MCNA Dental has since strengthened its security controls and monitoring procedures in order to avoid similar incidents in the future. To mitigate the potential risks associated with the breach, the company is also offering affected customers one to two years of credit and identity monitoring services.

While MCNA Dental has not explicitly identified LockBit as the threat actor responsible for the attack, the LockBit ransomware group has confirmed its involvement on its dark web site. The group disclosed detailed information about the breach, including sample data, and demanded a $10 million ransom payment. Despite the demand, MCNA Dental has not paid the ransom, resulting in LockBit publishing the entire dataset on April 7.

The incident highlights the growing threat of ransomware attacks and the importance of strong cybersecurity measures to safeguard sensitive personal data. The dental insurance industry, like many others, must remain vigilant in protecting customer information and strengthening its defenses against such attacks.

About the author
Ugnius Kiguolis

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.
