A ransomware attack may have compromised nearly nine million individuals' personal information in the United States. This is due to the harm caused by an apparent attack on a dental health insurer — one of the country's largest.

According to Managed Care of North America (MCNA) Dental, a multinational dental insurance company headquartered in the United States, the company took notice of certain activities in its computer system on March 6, 2023. MCNA immediately stopped those activities and began an investigation.

As a result, despite those steps being taken, the LockBit ransomware – which acquired responsibility for the attack – is making a comeback with a threat to leak 700GB of data stolen from MCNA's network if the company does not pay the attackers a $10 million ransom. To allow anyone to download all of the data, reports suggest the group released the data on its website on April 7 for anyone to download.

There are several dental insurers in the United States. However, Managed Care of North America (MCNA) Dental claims to be the nation's largest dental insurer for children and seniors covered by government-sponsored plans. Among the notices the company posted on Friday, it stated it became aware on March 6 that "certain activities in our computer system took place without our permission" and that the company had decided to take action. After it was discovered that a hacker had gained access to their computer system between February 26 and March 7, 2023, the company became suspicious that there was a breach of security. 

A breach notice from MCNA ticks the typical boxes: it was discovered that a criminal could view and copy some information stored in our computer system using IDX, a ZeroFox Inc.-owned company. 

Names, addresses, dates of birth, telephone numbers, e-mail addresses, Social Security numbers, driver's licenses, and other government-issued identification numbers were among the information that was stolen. There was also information regarding health insurance details, dental care records, billing, and insurance details that were taken. 

According to MCNA Dental, the hackers also gained access to information about a patient's health insurance plan information, Medicaid ID numbers, billing and insurance claim information, and bills and insurance claims. 

During this time, PharMerica, a leading pharmacy service provider with over 2,500 facilities in the US and offering over 3,100 pharmacy and healthcare programs, announced a data breach that exposed nearly six million patients. PharMerica operates in more than 2,500 facilities across the country.

As part of the notification to Maine's attorney general regarding the data breach, PharmaCrime indicated that on March 14, its computer network was discovered to have suspicious activity on it. 

It was reported on March 7 that the LockBit ransomware gang was responsible for the attack, saying they were willing to publish 700 gigabytes of stolen data unless the victim paid a $10 million ransom. LockBit released the data on April 7 because MCNA failed to pay the ransom.

To assist people whose personal information may have been involved in this incident, the insurer is now sending individual letters directly to them. 

Several questions must be addressed about possible liability and responsibilities arising from LockBit having the data and publishing it versus MCNA publishing its breach notice. Until well over a month after LockBit first released its data, the company did not notify its patients of the breach, which gave threat actors ample opportunity to target those in the affected area before the company was fully notified.

In the past, security experts have told organizations that are victims of ransomware not to pay the attackers in exchange for the decryption keys, however, due to double-extortion attacks that can lead to both companies and their clients suffering long-term harm due to data leaks, the rules of the game have changed. There are several factors to consider before paying a ransom. It might be to your advantage to give in to a ransom demand. This will save you a lot of trouble and time in the long run. 

Organizations can take several measures to prevent ransomware attacks from gaining a foothold in their networks. These measures include enhancing their overall security defense posture and implementing multifactor authentication (MFA). 

As part of their efforts to prevent phishing attacks, organizations should also maintain strong controls to shield them since attackers often use credentials stolen in this way as an entry point into a network to launch ransomware attacks and other malicious software.