MCNA Dental Hit by Everest Ransomware Exposing 1M Records
MCNA Dental Falls Victim to Everest Ransomware Attack
MCNA Dental, a leading dental insurance provider in the United States, has recently been targeted by the Everest ransomware group. This attack has compromised over one million personal electronic medical records, exposing sensitive patient information such as names, addresses, dates of birth, and Social Security numbers. The breach highlights the ongoing vulnerability of healthcare organizations to ransomware attacks, given the high value of medical data on the black market.
About MCNA Dental
MCNA Dental, officially known as Managed Care of North America, Inc., is a prominent dental benefits administrator based in Fort Lauderdale, Florida. Founded in 1992, the company has grown to become the largest dental insurer for government-sponsored Medicaid and Children's Health Insurance Program (CHIP) dental plans, serving over 3.5 million members across seven states. MCNA Dental is recognized for its extensive network of credentialed dentists and its commitment to quality care, having received multiple national accreditations, including URAC Dental Plan Accreditation and NCQA Accreditation.
Attack Overview
The Everest ransomware group reportedly gained unauthorized access to MCNA Dental's network, encrypting critical data and demanding a ransom for decryption. The attack has prompted MCNA Dental to initiate an investigation, involving cybersecurity experts to assess the extent of the breach and implement measures to prevent future incidents. This incident underscores the persistent threat of ransomware to healthcare organizations, which are often targeted due to the high value of medical data.
About Everest Ransomware Group
The Everest ransomware group is a notorious cybercriminal organization known for its involvement in ransomware attacks, data exfiltration, and initial access brokering. Active since at least December 2020, Everest has targeted organizations across various industries, with a particular focus on the Americas. The group employs a combination of legitimate compromised user accounts and Remote Desktop Protocol for lateral movement, using AES and DES algorithms to encrypt files. Everest has also been observed acting as an Initial Access Broker, selling backdoors into organizations to other criminals.
Potential Vulnerabilities
MCNA Dental's extensive network and large volume of sensitive data make it an attractive target for ransomware groups like Everest. The healthcare sector's reliance on electronic medical records and the high value of such data on the black market further increase the risk of being targeted. This attack serves as a reminder of the importance of effective cybersecurity measures to protect against such threats.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!