Ransomware attacks are hitting companies across all industries, including healthcare. The latest data breach reportedly exposed medical data from nearly nine million patients, Dental insurer Managed Care of North America (MCNA) says in its latest filing.
US Dental Insurance Titan Confirms Widespread Breach
In an initial report by TechCrunch, MCNA, which is said to be the biggest dental insurer in the US, has confirmed that it was recently attacked by unknown hackers.
The unidentified intruder managed to access the confidential data of more than 8.9 million people. The company added that the attacker stole the patient data, which included insurance information, addresses, and Social Security numbers.
Furthermore, that's not the only information that might be obtained from the victims. The Atlanta-based company could not remove the possibility that the data of the guarantors and guardians were also stolen during the attack.
It all started when MCNA noticed that its computer system prompted a "certain activity" to operate without its permission nearly three months ago. It later discovered traces of hacking as it saw that copies of some data between February 26 and March 7, 2023, were taken from the system.
Culprit Behind MCNA Health Breach
In what seems to be the largest breach in the health industry so far this year, roughly 700GB of data was estimated to be compromised.
According to Engadget, MCNA has no lead about the identity of the hacker but the LockBit ransomware gang claims responsibility for the incident. The Russian group of cybercriminals said that the dental insurer did not comply with paying a ransom worth $10 million, that's why it decided to leak the sensitive data of the patients online.
To protect the victims of the cyberattack, MCNA vows to give them free identity theft protection for a year. Moreover, the company suggests that its customers should monitor their accounts and transactions and report anything suspicious.
Before the MCNA Dental breach took place, the PharMerica cyberattack was the largest ransomware incident to take place in the country. At that time, it was reported that nearly six million people were affected.
Related Article : Millions of Customer Records Exposed in Massive Data Breach Targeting Tire Company
Ransomware Prevention Guidelines For Healthcare Organizations
In another article from Med City News, a group of federal agencies has posted a new set of guidelines that will help healthcare firms to combat ransomware attacks.
The Federal Bureau of Investigation, National Security Agency, Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center are the ones that updated the policies so organizations can avoid future data breaches.
This is how the bad actors infiltrate the healthcare systems, according to the authors of the guidelines.
- Internet-facing vulnerabilities and misconfigurations
- Compromised credentials
- Phishing
- Precursor malware infection
- Advanced forms of social engineering
- Third parties and managed service providers