Dental News - Hackers steal millions of dental patient records

Jeremy Booth, Dental Tribune International

Wed. 7. June 2023

save

ATLANTA, US: A breach of data systems belonging to Managed Care of North America (MCNA) Dental has resulted in the theft of a trove of personal information and patient records belonging to nearly nine million individuals insured by the provider. The apparent ransomware attack represents the largest breach of health information so far this year and underscores the sensitivity of data relating to dental treatment.

A data breach notification showed that information pertaining to these 8,923,662 individuals was stolen from MCNA Dental’s computer systems over a period of ten days—between 26 February and 7 March. The notification showed that the breach was discovered on 3 May. MCNA Dental issued a notice of data breach on 26 May, alerting its customers to the unauthorised activity in its computer system and the theft by criminals of substantial amounts of private information and dental records.

MCNA said that the stolen information included personal and contact details and identification and health insurance numbers. Information about oral care was also stolen, including details about patient visits, past treatments, medication provided, patient radiographs and photographs, and details about the dentists and doctors who had provided care. The stolen information included copies of bills and insurance claims, and some of it related to other individuals who had paid for patient treatment, such parents, guardians and guarantors.

The MCNA Dental notice read: “We quickly took steps to stop that activity. We began an investigation right away. A special team was hired to help us. We learned a criminal was able to see and take copies of some information in our computer system.” MCNA Dental said that it had sent letters to customers whose information had been stolen and was using online notices to attempt to reach those whose postal addresses it did not have on file.

Affected individuals have been offered free identity theft protection for a period of 12 months.

Online technology news portal TechCrunch reported that ransomware group LockBit had claimed responsibility for the cyber-attack and that the Russia-linked hacking network had published all of the stolen MCNA Dental data online after the insurer declined to pay a ransom of US$10.0 million (€9.3 million). “A listing on LockBit’s dark web leak site, seen by TechCrunch, suggests the notorious ransomware gang stole 700 GB of data during the intrusion,” TechCrunch wrote.

MCNA Dental says on its website that is the largest provider of dental insurance to individuals enrolled in the government-sponsored Medicaid and Children’s Health Insurance Program healthcare schemes.