Following the MCNA data breach, for which hacker group LockBit demanded a ransom amount of $10 million, the U.S.-based government-sponsored dental and oral health insurance has revealed that nearly 9 million individuals were impacted in the security incident.
Managed Care of North America (MCNA) published a data breach notification revealing that a security incident was discovered on March 6, 2023.
“On March 6, 2023, MCNA became aware that an unauthorized party was able to access certain MCNA systems. Upon discovery the same day, MCNA took immediate steps to contain the threat and engaged a third-party forensic firm to investigate the incident and assist with remediation efforts,” read the notice.
An investigation into the incident revealed that certain systems within the network had been infected with malicious code.
“Through its investigation, MCNA determined that an unauthorized third party was able to access certain systems and remove copies of some personal information between February 26, 2023 and March 7, 2023,” the notice further stated.
The notice concluded by informing individuals that their personal information “may have been involved” in the MCNA data breach.
What we know about the MCNA cyber attack
Meanwhile, the LockBit ransomware group had claimed the MCNA cyber attack and demanded a ransom on March 7. The hacker collective had also leaked samples from the MCNA data breach and had given April 6 as the deadline to pay the ransom.
The group, as mentioned in the MCNA notice, took copies of information from the company systems between February 26 and March 7.
In about a week, LockBit managed to pilfer the following data from the MCNA data breach-
- First and last name
- Address
- Date of birth
- Phone number
- SSN
- Driver’s license number
- Government-issued ID number
- Health insurance number
- Medicaid ID number
- Dental health information
- X-rays, medicines, and treatment data
- Bills and insurance claims
- Parent, guardian, or guarantor information
The group demanded $1000 for extending the deadline for leaking the exfiltrated data by 24 hours.
To destroy all the MCNA data breach information, the ransom amount was $9,999,999 and the same amount was set for downloading the data from the leak site of LockBit at any time.
On April 7, the ransomware group leaked the exfiltrated information from the MCNA cyber attack. The group had over 700 GB of sensitive data from the MCNA data breach.
Alerting users impacted by the MCNA data breach
Following the MCNA data breach, the company has begun informing all the 8,923,662 individuals who had their records in the systems of MCNA.
The data breach notification published by the Office of the Maine Attorney General added that the MCNA incident was an external system breach.
The MCNA – ME Individual Notice Letter PDF sent to users alerting them about the MCNA data breach read, “Although we are unaware of any actual or attempted misuse of provider information as a result of this incident, we encourage you to carefully review credit reports and statements sent from providers as well as your insurance company to ensure that all account activity is valid,” suggesting that misuse of stolen data has not been discovered so far.
Facilities offered to the users impacted by the MCNA data breach
The letter also had details about checking the credit score and reporting security incidents or suspicious activities on their accounts because of the MCNA data breach.
Although identity theft protection services are offered to the impacted users, it is recommended that they do not open emails or click on links even if they seem urgent.
Often, fraudulent emails are specially crafted with relevant subject lines or attachments that say that it is related to a refund or user data update.
It is suggested they check with the company each time they receive a communication from the MCNA. And, that they avoid inputting bank account data in online forms or communications because it is not a practice companies encourage to enter bank data sensitive information in online forms.
Users were offered a yearly identity theft protection free of cost that they could sign up to avail.