Everest Ransomware Hits MCNA Dental Exposing 1 Million Records

Incident Date: Sep 16, 2024

Attack Overview
Victim: MCNA Dental
Industry: Insurance
Location: USA
Attacker: Everest
First Reported: September 16, 2024

Everest Ransomware Group Targets MCNA Dental

MCNA Dental, the largest dental insurer in the United States for government-sponsored Medicaid and Children's Health Insurance Program (CHIP) plans, has fallen victim to a ransomware attack by the Everest ransomware group. The attackers claim to have accessed 1 million patient records, potentially compromising sensitive personal and medical information.

About MCNA Dental

MCNA Dental, officially known as Managed Care of North America, Inc., is a prominent dental benefits administrator based in Fort Lauderdale, Florida. Founded in 1992, the company specializes in providing dental benefits for state-sponsored Medicaid and CHIP programs. Serving over 3.5 million members across seven states, including Florida, Texas, and Idaho, MCNA Dental is recognized for its comprehensive dental services and value-added benefits aimed at improving oral health outcomes.

Attack Overview

The Everest ransomware group has claimed responsibility for the attack on MCNA Dental via its dark web leak site. The group alleges that it has exfiltrated 1 million patient records, which could include sensitive personal and medical information. This breach highlights the vulnerabilities in MCNA Dental's cybersecurity infrastructure, making it a target for sophisticated threat actors.

About Everest Ransomware Group

The Everest ransomware group is a notorious cybercriminal organization active since at least December 2020. Known for its involvement in ransomware attacks, data exfiltration, and initial access brokering, Everest targets organizations across various industries, including healthcare. The group uses compromised legitimate user accounts together with Remote Desktop Protocol (RDP) for lateral movement, and it encrypts files with the AES and DES algorithms.

Penetration Tactics

The Everest ransomware group distinguishes itself through its dual role as a ransomware operator and an Initial Access Broker (IAB). The group often sells backdoors into compromised organizations to other criminals. In the case of MCNA Dental, the attackers likely exploited vulnerabilities in the company's cybersecurity defenses, such as weak RDP configurations or compromised user accounts, to gain unauthorized access to sensitive data.

Implications for MCNA Dental

This attack underscores the critical need for enhanced cybersecurity measures in the healthcare sector, particularly for organizations handling sensitive patient information. As MCNA Dental navigates the aftermath of this breach, the focus will likely be on enhancing its cybersecurity protocols to prevent future incidents.
