A whopping 8.9 million individuals were affected by a ransomware data breach at Managed Care of North America (MCNA) Dental. MCNA, based in Atlanta, claims to be the largest dental insurer in the nation for government‑sponsored Medicaid and Children’s Health Insurance Programs (CHIP). The MCNA breach is now the largest healthcare data breach so far in 2023, surpassing the PharMerica breach, which affected 5.8 million.
LockBit Ransomware Group is the Likely Culprit
On Friday, May 26, 2023, MCNA published a breach notice on its website explaining:
On March 6, 2023, MCNA became aware of certain activity in our computer system that happened without our permission. We quickly took steps to stop that activity.
The notice also explains that MCNA hired an investigative team and learned that the cyber criminal “was able to see and take copies of some information” in their computer system between February 26, 2023 and March 7, 2023.
The types of protected health information (PHI) exfiltrated were extensive and included:
- Contact information, i.e., first and last name, address, date of birth, phone number, email
- Social Security number
- Driver’s license number/other government-issued ID number
- Health insurance (plan information, insurance company, member number, Medicaid-Medicare ID numbers)
- Care for teeth or braces (visits, dentist name, doctor name, past care, x-rays/photos, medicines, and treatment)
- Bills and insurance claims
- Some of this information was for a parent, guardian, or guarantor. A guarantor is the person who paid the bill. Information which was seen and taken was not the same for everyone.
Note that some of those affected by the breach are children, since MCNA is a major partner of CHIP programs, and the notice explains that parents, guardians or guarantors were also affected.
Medical identity theft of children’s PHI can be devastating, because it inflicts lasting harm on children for years, affecting their ability later to establish credit or obtain health insurance. The PHI of children is more valuable than adults’ on the black market since it’s “clean,” with little or no history.
MCNA does not explain who was responsible or give other details from the investigation. However, the LockBit ransomware group has taken credit for the attack. According to TechCrunch, the LockBit group published all of the files it exfiltrated on the dark web after MCNA refused to pay a $10 million ransom.
Review StopRansomware Guide to Fight LockBit
Just last month, CISA and the FBI jointly issued an updated guide on how to stop ransomware. The guide is authored by the top cybersecurity defense experts in government and law enforcement and contains invaluable advice.
Make sure you follow HIPAA, stay up to date on the latest and best advice, and ask questions if you need help.