MCNA has released a notice informing insurance holders of a data leak affecting nearly 9 million individuals across the United States.
What happened
Managed Care of North America, Inc (MCNA) and their partner, MCNA Dental, have notified users and the Attorney General of Maine regarding a large data breach that occurred between February 26th and March 7th of 2023.
In the notification to the Attorney General, MCNA’s counsel said that up to 8,923,662 individuals were affected, including those living in the District of Columbia, Iowa, Maine, Maryland, New Mexico, New York, and North Carolina. The notification also stated that MCNA discovered the breach on May 3rd.
In the notice of data breach to users, MCNA said personal information, like social security numbers, driver’s license numbers, and more, was stolen alongside personal health information, including care for teeth and insurance claims.
LockBit, a large ransomware group, took responsibility for the attack and threatened to publish all materials if a $10 million ransom wasn’t paid. The stolen materials were published on LockBit’s leak site on April 7th.
In response, MCNA is offering identity theft protection services, including credit monitoring and more.
Why it matters
Healthcare industries are increasingly popular targets for ransomware attacks, and the consequences can be devastating for patients.
At times, ransom groups have held data hostage, making it difficult for hospitals to operate normally. It can be costly to have information restored or, if the ransom isn’t paid, can harm individuals by sharing their personal data.
Read more:
- Ransomware attacks on healthcare increased in 2022
- Report shows increasing ransomware and lawsuits for pixel use
What was said
In their online statement, the MCNA team said that once they learned about the data breach, they “immediately began an investigation. Law enforcement was contacted. We are also making our computer systems even stronger than before because we do not want this to happen again.”
In the FAQ section, the MCNA team also stated that the notification was delayed because of the complexity of the breach, “it was important that a thorough investigation into the matter took place to confirm what happened, and identify those individuals who may have been impacted.”
Going deeper
The MCNA data breach follows the breach of PharMerica, a pharmacy service company, that also took place in March. According to their report, nearly 6 million individuals were affected in this data leak.
In light of recent and ever-evolving ransomware trends, the U.S. JRTF has released new guidance on how healthcare organizations can best protect themselves from ransomware, and how they should respond to attacks.
Read more: #StopRansomware Guide released by the U.S. Joint Ransomware Task Force
The bottom line
Ransomware can have devastating economic costs and impact patients’ well-being. The best strategy to fight ransomware is to stay current on ransomware trends and guidances. Companies should ensure their employees are informed on cybersecurity procedures and that systems are as secure as possible.
Read more: HIPAA Compliant Email: The Definitive Guide
Subscribe to Paubox Weekly
Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.