Ransomware breach hits US dental insurance giant, loses data of 9 mn patients, ET CIO
The personal information of nearly nine million people in the US has been compromised in an apparent ransomware attack on one of the country’s largest dental health insurers.
US-based dental insurance giant Managed Care of North America (MCNA) Dental, said: “On March 6, 2023, MCNA became aware of certain activity in our computer system that happened without our permission. We quickly took steps to stop that activity. We began an investigation right away.”
Moreover, the company learned that a criminal was able to see and take copies of some information in their computer system between February 26 and March 7, 2023.
According to a data breach notification filed with Maine‘s attorney general, the hack affected over 8.9 million MCNA Dental clients, reports TechCrunch.
The LockBit ransomware group claimed responsibility for the cyberattack and claims to have published all of the files it stole from MCNA Dental after the company refused to pay a $10 million ransom demand.
According to a listing on LockBit’s dark web leak site, the notorious ransomware gang stole 700GB of data during the intrusion, the report said.
The stolen data includes a trove of personal information from patients, such as names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver’s licences or other government-issued ID numbers.
Hackers also gained access to patient’s health insurance information, such as plan information and Medicaid ID numbers, as well as bill and insurance claim information, according to MCNA Dental.
Meanwhile, PharMerica, a leading pharmacy service provider in the US, which operates in more than 2,500 facilities across the country and offers over 3,100 pharmacy and healthcare programmes, has disclosed a data breach that compromised the personal information of nearly six million patients.
Ransomware attack hits Point32Health
New England-based health insurance firm Point32Health, which is Massachusetts’ second-largest insurer, has reported having several of its systems for providers, accounts, brokers, and service members …
Ransomware Attack Hits Marinette Marine Shipyard, Results in Short-Term Delay of Frigate, Freedom LCS Construction
Shipyard workers at Fincantieri Marinette Marine on April 12, 2023. USNI News Photo
The Wisconsin shipyard that builds the U.S. Navy’s Freedom-class Littoral Combat Ship and the Constellation-class guided-missile frigate suffered a ransomware attack last week that delayed production across the shipyard, USNI News has learned.
Fincantieri Marinette Marine experienced the attack in the early morning hours of April 12, when large chunks of data on the shipyard’s network servers were rendered unusable by an unknown professional group, two sources familiar with a Navy summary of the attack told USNI News on Thursday.
In a typical ransomware attack, attackers take the information on a server, encrypt it and set terms for a key that will unlock the data.
The attack on Marinette Marine targeted servers that held data used to feed instructions to the shipyard’s computer numerical control manufacturing machines, knocking them offline for several days. CNC-enabled machines are the backbone of modern manufacturing, taking specifications developed with design software and sending instructions to devices like welders, cutters, bending machines and other computer-controlled tools.
Based on information from the Navy, it’s unclear if the attackers stole any data.
In a statement to USNI News, Marinette Marine acknowledged there had been a cybersecurity incident at the shipyard.
“Fincantieri Marine Group experienced a cybersecurity incident last week that is causing a temporary disruption to certain computer systems on its network. The company’s network security officials immediately isolated systems and reported the incident to relevant agencies and partners. Fincantieri Marine Group brought in additional resources to investigate and to restore full functionality to the affected systems as quickly as possible, “ reads a statement from Fincantieri spokesman Eric Dent.
“Repair and construction operations continue at all three U.S. shipyards, however the company’s email and some networked operations remain off-line for now.”
Fincantieri would not elaborate beyond the statement. A Lockheed Martin spokesperson acknowledged a request for comment from USNI News but did not…
Ransomware Hits and Initial Access Listings Grow
The cybercrime economy is alive and well, if counts of known ransomware victims and initial access sales are good gauges of its health.
See Also: Webinar | The Evolution of Network Architecture: What You Don’t Know Can Hurt You
Compared to the first quarter of 2022, the first three months of this year featured a 30% increase in known ransomware victims, totaling 900 organizations, threat intelligence firm Kela reported.
What gets counted: victims who come to light publicly – for example, via ransomware groups’ data leak sites or when a victim issues a public alert. How many victims pay a ransom to avoid being “named and shamed” and publicly outed by attackers is unclear. Also, not all groups run data leak sites. Even when they do, not every nonpaying victim gets listed, for reasons only clear to the extortionists themselves.
Common sources of access to victims’ networks remain dedicated stolen-credential marketplaces and initial access brokers. Both continue to be cornerstones of the cybercrime economy.
Kela counted during the first quarter more than 600 initial access listings for victims. Not all such listings can be tracked, since some vendors don’t advertise what they have for sale on cybercrime forums, but only share them privately. Some brokers also have exclusive arrangements or give right of first refusal to business partners, such as ransomware groups.
A purported member of the Royal ransomware group, using the handle “Baddie,” has been advertising for brokers who can offer network access to victims that have $20 million or more in revenue, Kela reported (see: Fake Data Theft Proof Leads to Royal Ransomware Outbreak).
Compared to the first quarter of 2022, the number of listings increased by 15%, while the average price of an…