McNA Dental, one of the largest suppliers of dental care and insurance for low -income segments of the US population (Medicaid and Chip), published a notification of almost 9 million patients.
In the notification, published on Friday , McNA reports that on March 6, 2023 she discovered unauthorized access to her computer systems . According to the results of the investigation, it turned out that hackers first entered the MCNA network on February 26 this year.
During this time, attackers stole the data containing the following information of almost nine million customers of MCNA DENTAL:
- Name
- Address
- date of birth
- phone
- Social insurance number
- number of driver’s license
- number of state certificate
- Health insurance
- tooth care or braces (visits, dentist name, history procedures, x -rays, photos, prescribed treatment)
- accounts and insurance claims
in notification filed in Office of the General Prosecutor of the state of Maine, it is said that hacks affected 8,923,662 people, including patients, parents, guardians or guarantors.
McNA claims that she has already taken all the necessary steps to eliminate the situation and increase the safety of her systems in order to prevent such incidents in the future. The company also turned to law enforcement agencies to receive assistance in preventing abuse of stolen information.
Notifications sent by the company to the victims contain instructions for obtaining 12 months of free protection against theft of personality and monitoring the credit history through the IDX service.
Lockbit extortion group announced an attack on MCNA on March 7, 2023, when she published the first data samples stolen by a medical provider. The group threatened to publish 700 GB of sensitive and confidential information, which they allegedly pumped out of MCNA networks if they did not pay $ 10 million.
Apparently, the money ransom was not transferred to cybercriminals, since on April 7 the group published all the data on its leakage website, making it available for download to anyone.
All injured users should now control their credit reports for fraudulent actions and signs of personality theft. In addition, users should be careful with targeted phishing letters that can use merged data to deceive and abduct additional sensitive information, such as accounting data.