MCNA: Hackers put data of nine million U.S. patients on the Internet

Zoom Image

Dentist data tapped: Data from the US insurer MCNA was published on the Darknet

Photo: LightFieldStudios / iStockphoto / Getty Images

Criminals hacked the U.S. dental insurance company Managed Care of North America (MCNA) and published the data on the darknet. In doing so, they captured private information such as the address, telephone number or e-mail address of insured persons. Medical data such as X-rays, information on treatments, prescribed medications and names of the attending physicians can also be found in the data set.

A total of almost nine million of the company's customers are affected. This is according to a report about the data protection incident published by the Office of the Attorney General of the US state of Maine. MCNA itself also published details about the hacker attack at the end of May in order to inform its policyholders.

The company, which is considered one of the leading dental insurers in the United States, was hacked on February 26, but did not notice the incident until March 6. During this time, the perpetrators managed to retrieve and copy internal information, MCNA said. They apologize to the insured for the data breach and have set up a free hotline for those affected, it said.

Because the hackers were also able to tap into social security and driver's license numbers, among other things, some of those affected are now threatened with further attacks. Appropriate information makes identity theft comparatively easy for criminals. They could commit crimes under a false name or deceive victims with personalized emails to get more information from them. According to the IT trade magazine »Bleeping Computer«, MCNA has therefore offered its affected policyholders a one-year free insurance against identity theft.

Clues to the hackers lead to Russia

The data was published on the darknet by the notorious ransomware group LockBit. The hackers steal data from companies and make their systems unusable in order to blackmail them afterwards. In order to increase the pressure, many groups of perpetrators have for some time now started to threaten to publish captured data and then upload it step by step via their darknet site. (Read more about the criminals' scam and why clues often lead to Russia here.)

In the current case, LockBit put the data online about four weeks after the hack, on April 7. According to the criminals, they can only be viewed against a payment in the cryptocurrency Bitcoin. According to the IT trade magazine »Bleeping Computer«, the hackers claim to have captured a total of 700 gigabytes. In addition, you would have asked for a total of 10 million dollars and only then would you have refrained from publishing the data.

Lockbit has been one of the most notorious and active ransomware groups for several years. According to their own statements, the criminals stole about 40 terabytes from Continental, among other things. In Germany, cybercrime specialists from the Cologne public prosecutor's office are investigating LockBit. As with other ransomware groups, experts see indications in the case of LockBit that the people behind it are operating out of Russia.

HPP