MCNA, also known as Managed Care of North American Dental, has issued a statement on its website regarding a data breach it is currently experiencing, which has compromised the information of over 9 million patients. As the largest government-sponsored health insurance organization, MCNA states that its systems were possibly infiltrated on February 26th, 2023, but the breach was only identified by its IT staff in the first week of March this year.
The stolen information includes the full names, addresses, dates of birth (DoBs), contact numbers, email IDs, social security numbers, driving license details, health insurance plan details, insurance IDs, patient data such as the patients’ use of lenses, spectacles, and braces, as well as insurance claims history and bills.
The Maine Attorney General confirmed that the breach impacted approximately 8,923,662 patients, including their parents, guardians, and guarantors. The LockBit Ransomware gang has taken responsibility for the attack and has threatened to publish all the 1TB of data stolen from the incident if their ransom demand of $10 million is rejected.
The second piece of news was revealed by a security firm named Cyber Sentience. This firm, specializing in threat intelligence, stated that information related to access to the IT systems of New Zealand schools and tertiary institutes was being traded on certain websites on the dark web for a meager $500 USD.
Cyber Sentience issued a cautionary statement, informing that information related to 8 universities and login details for computer and email networks of over 556 school institutes were already being traded on the web.
The third news item relates to malware designed to disrupt power utility computer networks. Dubbed Cosmicenergy, the malware has the capability to steal and destroy information and applications running on the transmission and distribution network.
Russian intelligence is suspected to be behind the development of the malware, which shares similarities with previous versions with similar motives, such as Industroyer, which attempted to disrupt power grids in Ukraine in March 2022.
