The LockBit ransomware gang have claimed yet another scalp – The Managed Care of North America (MCNA) Dental.
The organisation filed a data breach notification with the Maine Attorney General on the 26th May identifying that the breach has affected 8,923,662 people.
The organisation published a Data Breach notice on their website on the same day as the formal breach notification stating that they had become aware of “certain activity in our computer system that happened without our permission.”
The notice states that they identified that “a criminal was able to see and take copies of some information in our computer system between February 26, 2023 and March 7, 2023.” and that the data stolen contained:
- Contact information – first and last name, address, date of birth, phone number, email
- Social Security number
- Driver’s license number/other government-issued ID number
- Health insurance (plan information, insurance company, member number, Medicaid-Medicare ID numbers)
- Care information – visits, dentist name, doctor name, past care, x-rays/photos, medicines, and treatment)
- Bills and insurance claims
The data has been fully released on the LockBit dark web forum and is available for anyone to download – suggesting that MCNA did not comply with the gangs demands for monies which expired on the 6th April – The ransom was set at USD$10M.
The data dump exceeds 760GB and consists of over 1.25 million files relating to all of the companies 8.9 million customers, suppliers, and staff.
The files are varied and includes emails, invoices, dental plans, Insurance claims, confidentiality agreements, Salary details, banking statements, and much more.
