Ransomware Attack On US Dental Insurance Giant Exposes Data of 9 Million Patients (techcrunch.com)
An anonymous reader quotes a report from TechCrunch: An apparent ransomware attack on one of America's largest dental health insurers has compromised the personal information of almost nine million individuals in the United States. The Atlanta-based Managed Care of North America (MCNA) Dental claims to be the largest dental insurer in the nation for government-sponsored plans covering children and seniors. In a notice posted on Friday, the company said it became aware of "certain activity in our computer system that happened without our permission" on March 6 and later learned that a hacker "was able to see and take copies of some information in our computer system" between February 26 and March 7, 2023.
The information stolen includes a trove of patients' personal data, including names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver's licenses or other government-issued ID numbers. Hackers also accessed patients' health insurance data, including plan information and Medicaid ID numbers, along with bill and insurance claim information. In some cases, some of this data pertained to a patient's "parent, guardian, or guarantor," according to MCNA Dental, suggesting that children's personal data was accessed during the breach. According to a data breach notification filed with Maine's attorney general, the hack affected more than 8.9 million clients of MCNA Dental. That makes this incident the largest breach of health information of 2023 so far, after the PharMerica breach that saw hackers access the personal data of almost 6 million patients. The LockBit ransomware group took responsibility for the cyberattack and published 700GB of files after the company refused to pay a $10 million ransom demand.
Re: Who isn't exposed? (Score:2)
I have no teeth, so I gueth I'm not exthpothed
Re: (Score:2)
Yeah, I usually get a letter around once every 1-2 years stating that somebody has acquired my data by hacking company/system X.
And this is only for companies that detected the breach and were forced to send formal notifications out to the compromised parties. I'm sure a lot are never discovered, some aren't forced to send out notices, etc...
dental health software is very crappy and easy to (Score:2)
dental health software is very crappy and easy to get data out of.
also lots of local office networks do not have much in the way of full time IT staff.
Re: (Score:3)
This wasn't an attack on dental clinics. It was a MAJOR insurance company which does or should have quite a lot of full-time IT staff.
As usual, we won't get any information about what method or vulnerability was used and against what type of system.
In any case, at least they didn't pay the ransom. That is the WORST thing for all of us because it just continues to incentivize these attacks. The money they should pay now is fines.
Close call (Score:2)
I had a toothache, and my dentist had raised his prices, so I was going to enroll in this .. but then I saw a YouTube video saying that massaging the gums can help alleviate toothaches. So I did that and remarkably the toothache went away so I didn't bother to sign up.
I guess I escaped by the skin of my teeth.
Thanks..
Abscesses suck (Score:4, Informative)
Re: (Score:2)
> I had a toothache, and my dentist had raised his prices, so I was going to enroll in this .. but then I saw a YouTube video saying that massaging the gums can help alleviate toothaches. So I did that and remarkably the toothache went away so I didn't bother to sign up.
> I guess I escaped by the skin of my teeth.
> Thanks..
I hate that I appreciated this.
Look, Ma (Score:3)
No teeth!
Re: Look, Ma (Score:2)
Yeah. HIPAA really needs to be strengthened and these companies held responsible for breaches.
Dummy Spit of Pure Evil (Score:2)
I'm sure the insurance provider has a certain amount of blame in this but it's hard not to overlook what a monumental cunt you need to be to screw over 9 MILLION innocent people because you didn't get your payola.
That's just Monsanto-level evil right there. Maybe even Halliburton-level.
Re: (Score:2)
> That's just Monsanto-level evil right there. Maybe even Halliburton-level.
Actually, I take that back. This isn't quite "let's make a tomato that could destroy all life on the planet" or "let's invade and murder millions of people because they won't build our pipeline". It's probably closer to the casual torment and cruelty that Microsoft inflicts on the world every time they release a new product. It's like - yeah, you'll probably survive this, but is life still worth living?
Will this take a bite out of their profits? (Score:2)
Trick question!! No data breach ever cost a company enough to have any impact on their bottom line or their ongoing behavior. If banks and telcos keep failing to protect user information, why would anyone think an insurance company would give a crap about exposing user data?
Business is mostly about executive bonuses and perks, and nothing will ever get in the way of that gravy train. That's why the CxO class always has a perfect white grin when the suckers can't see them glo
Fine them! (Score:2)
Instead of the current class-action-lawsuit regime, where lawyers get fees and users get a year of credit monitoring, there should be a simple fine, levied by the Federal Trade Commission.
If you leak information suitable for identity theft, you owe the FTC $100 per individual's info leaked.
In this case, that would be $900 million, which would definitely get their attention.
As Lisa Simpson would say... (Score:2)
As Lisa Simpson would say..."that's the tooth!" as she comes off nitrous oxide at the dentist office, or Homer...
https://knowyourmeme.com/memes... [knowyourmeme.com]
https://www.youtube.com/watch?... [youtube.com]
JoshK.
Other thoughts, the dental insurance cut its teeth, or the ransomware attackers were longer in the dragon's tooth, etc.
Humbug (Score:2)
This is what happens, and will keep happening, so long as medical software keeps being written to run on Windows.