An apparent ransomware attack on one of America’s largest dental health insurers has compromised the personal information of almost nine million individuals in the United States.
The Atlanta-based Managed Care of North America (MCNA) Dental claims to be the largest dental insurer in the nation for government‑sponsored plans covering children and seniors. In a notice posted on Friday, the company said it became aware of “certain activity in our computer system that happened without our permission” on March 6 and later learned that a hacker “was able to see and take copies of some information in our computer system” between February 26 and March 7, 2023.
The information stolen includes a trove of patients’ personal data, including names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers and driver’s licenses or other government-issued ID numbers. Hackers also accessed patients’ health insurance data, including plan information and Medicaid ID numbers, along with bill and insurance claim information.
In some cases, some of this data pertained to a patient’s “parent, guardian, or guarantor,” according to MCNA Dental, suggesting that children’s personal data was accessed during the breach.
According to a data breach notification filed with Maine’s attorney general, the hack affected more than 8.9 million clients of MCNA Dental. That makes this incident the largest breach of health information of 2023 so far, after the PharMerica breach that saw hackers access the personal data of almost 6 million patients.
MCNA Dental said its review to determine what data was affected was completed on May 3 — almost two months after the cyberattack — but has not provided further details of the incident. An MCNA spokesperson did not respond to TechCrunch’s questions.
However, the LockBit ransomware group took responsibility for the cyberattack and claims to have published all of the files it exfiltrated from MCNA Dental after the company refused to pay a $10 million ransom demand.
A listing on LockBit’s dark web leak site, seen by TechCrunch, suggests the notorious ransomware gang stole 700GB of data during the intrusion.
Samples of the leaked data appear to confirm that the hackers accessed sensitive information, including patients’ personal data and insurance details.
LockBit is a Russia-linked ransomware gang that was first observed in September 2019. The group has claimed a number of high-profile victims in recent months, including U.K. postal giant Royal Mail, financial software company Ion Group and California’s Department of Finance.
The gang suffered a setback in November when one of its alleged leaders, dual Russian-Canadian citizen Mikhail Vasiliev, was arrested in Canada. In March, the U.S. government also announced that it had indicted a Russian national accused of being a key figure in the LockBit ransomware group.