Ransomware breach hits US dental insurance giant, loses data of 9 mn patients

San Francisco:  The personal information of nearly nine million people in the US has been compromised in an apparent ransomware attack on one of the country’s largest dental health insurers.

US-based dental insurance giant Managed Care of North America (MCNA) Dental, said: “On March 6, 2023, MCNA became aware of certain activity in our computer system that happened without our permission. We quickly took steps to stop that activity. We began an investigation right away.”

Moreover, the company learned that a criminal was able to see and take copies of some information in their computer system between February 26 and March 7, 2023.

According to a data breach notification filed with Maine’s attorney general, the hack affected over 8.9 million MCNA Dental clients, reports TechCrunch.

The LockBit ransomware group claimed responsibility for the cyberattack and claims to have published all of the files it stole from MCNA Dental after the company refused to pay a $10 million ransom demand.

According to a listing on LockBit’s dark web leak site, the notorious ransomware gang stole 700GB of data during the intrusion, the report said.

The stolen data includes a trove of personal information from patients, such as names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver’s licences or other government-issued ID numbers.

Hackers also gained access to patient’s health insurance information, such as plan information and Medicaid ID numbers, as well as bill and insurance claim information, according to MCNA Dental.

Meanwhile, PharMerica, a leading pharmacy service provider in the US, which operates in more than 2,500 facilities across the country and offers over 3,100 pharmacy and healthcare programmes, has disclosed a data breach that compromised the personal information of nearly six million patients.

PharMerica stated in a data breach notification filed with Maine’s attorney general that it discovered suspicious activity on its computer network on March 14.

–IANS

Comments are closed.