American dental insurer, MCNA Dental, has suffered a ransomware-related data breach that has exposed the data of more than 8.9 million patients.
In a notice published to its website on May 26, MCNA Dental said that it became aware of malicious actors gaining unauthorized access to its systems on March 6. An investigation into the data breach revealed that malicious actors had been accessing MCNA Dental’s network since February 26.
During the malware attack and subsequent data breach, a total of 8,923,662 patients had their data accessed. The data stolen by the hackers included contact information such as patient names, addresses, dates of birth, phone numbers and email addresses, as well as confidential information including patient social security numbers, driver’s license numbers and Government-issued ID numbers.
The malicious actors also gained access to medical information like health insurance information including plan information, insurance company, member number and Medicaid-Medicare ID numbers, information on teeth or braces care, treatment, bills and insurance claims.
MCNA said that it has taken steps to prevent a similar attack happening in the future. The insurance company has contacted law enforcement regarding the breach and has offered all those impacted by the breach a free identity protection service.
What is ransomware?
Ransomware is a type of malicious software (also known as malware) that infects systems, encrypting the data on them and extorting the owners of said network to unencrypt the data. Ransomware can be spread via a number of vectors, including poisoned email attachments, USBs and phishing links.
The costs of ransomware can be devastating. In 2022, the average cost of a ransomware attack was US$4.35 million. This is only predicted to increase, with the global damages of ransomware forecasted to reach $250bn by 2031.
Learn more about ransomware and other kinds of malware with Cyber Security Hub’s Ultimate guide to malware.