
The Impact of LockBit Attack on MCNA Dental: An Editorial Review


US Government-Sponsored Dental Healthcare Provider MCNA Dental Falls Victim to a LockBit Ransomware Attack

Managed Care of North America (MCNA) Dental, one of the largest providers of government-sponsored dental care in the US, has notified its nearly 9 million clients that their sensitive and personal data was exposed in a LockBit ransomware attack earlier this year. The Atlanta-based healthcare organization works with Medicaid agencies, the Children’s Health Insurance Programs, corporations, and insurance plans and was breached by the cyber attackers between Feb. 26 and March 7, 2023.

The Attack and Data Breach

“On March 6, 2023, MCNA became aware of certain activity in our computer system that happened without our permission,” the company said in the post on its website. “We quickly took steps to stop that activity.” However, the steps taken were not quick enough to prevent the LockBit ransomware group from stealing more than 700GB of sensitive data from MCNA’s systems. The attackers demanded a $10 million ransom, and when MCNA refused to pay, LockBit released all the stolen data on its website for anyone to download, according to reports.

The stolen data included personally identifiable information (PII) about MCNA clients, including names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver’s licenses or other government-issued ID numbers, according to MCNA. The data leaked also included health insurance plan information, insurance company, member number, Medicaid-Medicare ID numbers, and the type of care received by the client from MCNA. Additionally, attackers stole bill and insurance claim information in the breach.

Identity Theft Protection Offered

MCNA has offered an identity theft protection service for a year to clients whose information may have been involved in the breach, along with a toll-free number to contact for any questions or concerns. The notice will remain active for 90 days to inform clients whose addresses MCNA does not have.

LockBit and Double Extortion

LockBit, a ransomware-for-hire group that emerged as early as September 2019, is one of the more notorious ransomware gangs currently active on the scene. The group used double-extortion ransomware, auto-propagating malware, and double-encryption methods that show a level of sophistication in its attacks. LockBit’s style of operation has led to its targeting of high-profile victims, including SpaceX and Entrust.

While organizations are traditionally advised not to pay attackers after experiencing a ransomware attack, the rise of double-extortion attacks that result in data leaks is changing the rules of the game. In such circumstances, some experts advise considering various factors before deciding whether or not to pay the ransom, and say that giving in to attackers’ demands might sometimes be more beneficial in the long run.

Recommendations for Organizations

Organizations can protect themselves against ransomware attacks by shoring up their overall security defense posture in a multitude of ways. This includes implementing secure passwords and multifactor authentication (MFA) to ensure systems aren’t breached in the first place. Putting up strong controls to defend against phishing attacks is also a best practice, as attackers often use credentials stolen in this way to gain initial access to a network and deploy ransomware.

Editorial Review

The MCNA data breach is yet another incident that raises concerns about the state of cybersecurity in the US healthcare sector. The sector continues to suffer from high-profile data breaches as clearly highlighted by the healthcare industries’ threat report published on June 2, 2021. The report indicates that attacks on the sector across the US increased by 45% between November 2020 and April 2021 compared to the same period in 2019-2020.

The LockBit ransomware attack on MCNA underscores the reality that no organization is immune to such a hack. Even organizations that regularly update their cybersecurity systems and ensure robust security measures are in place may still suffer from a breach, as evidenced by this incident.

Organizations that collect and store sensitive data must ensure that they have adequate cybersecurity controls and risk management strategies in place. It is time for organizations to move from reactive cybersecurity to proactive cybersecurity. Future cybersecurity policies should focus on collaboration among government, the private sector, and academia to enhance innovation and promote the adoption of best practices.

The Bottom Line

While some experts advocate paying the ransom in some circumstances, companies should endeavor to invest in proactive cybersecurity rather than solely focusing on incident response. Organizations must recognize that proactive cybersecurity is key to preventing cyber attacks and data breaches that can result in significant financial and reputation loss.
