The IT Nerd

 There has been a ransomware attack on MCNA, exposing sensitive data for nearly 9 million dental patients. That makes this the largest health breach so far this year:

On March 6, 2023, MCNA became aware of certain activity in our computer system that happened without our permission. We quickly took steps to stop that activity. We began an investigation right away. A special team was hired to help us. We learned a criminal was able to see and take copies of some information in our computer system between February 26, 2023 and March 7, 2023.

What information may have been involved?

Here is the kind of information that was seen and taken:

• Information used to contact you, like first and last name, address, date of birth, phone number, email
• Social Security number
• Driver’s license number/other government-issued ID number
• Health insurance (plan information, insurance company, member number, Medicaid-Medicare ID numbers)
• Care for teeth or braces (visits, dentist name, doctor name, past care, x-rays/photos, medicines, and treatment)
• Bills and insurance claims

Some of this information was for a parent, guardian, or guarantor. A guarantor is the person who paid the bill. Information which was seen and taken was not the same for everyone.

That’s not good. Ani Chaudhuri, CEO, Dasera had this comment:

As the recent ransomware attack on Managed Care of North America (MCNA) shows, the protection of sensitive data, particularly in healthcare, cannot be overstated. A staggering 8.9 million dental patients were affected, with compromised data that included addresses, Social Security numbers, driver’s licenses, and insurance information. It’s a painful reminder that ransomware attacks continue to evolve and pose substantial threats to businesses and individuals alike.

The perpetrators, allegedly the Russia-based LockBit ransomware group, exploited vulnerabilities in MCNA’s systems, exfiltrating an estimated 700GB of data, and demanded a $10 million ransom. The attack has now resulted in the largest health data breach of 2023.

While MCNA’s decision to refuse the ransom demand and instead offer one year of free identity theft protection to the affected customers is laudable, this incident underscores the need for more robust and comprehensive data security measures. The protection of sensitive data should be a proactive endeavor, not a reactive one.

The stakes in cybersecurity have never been higher. These breaches not only result in substantial financial losses but, more importantly, they also have a significant human cost. With data breaches, it’s often the individuals – patients, consumers, and innocent bystanders – who suffer the most.

We must acknowledge the increasing sophistication of cybercriminals and adjust our strategies accordingly. Businesses, particularly in healthcare, need to double down on their efforts to secure their data and protect their customers. It’s not just about adopting advanced technology and tools, but also about fostering a culture of data security and responsibility.

Lastly, let’s remember that cybersecurity is not a destination but a journey that demands constant vigilance, adaptation, and innovation. It calls for an honest evaluation of our security postures and a renewed commitment to safeguarding our data. Let’s see it as a wake-up call, not just a headline. Data security isn’t just a technology issue; it’s a trust issue. And trust, once lost, is incredibly hard to regain.

The numbers in these attacks keep getting higher. And that’s not a good thing. Organizations of all sizes need to take robust action to stop this trend from getting worse.

This entry was posted on June 1, 2023 at 9:13 am and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.