Everest Ransomware Hits MCNA Dental Exposing 1 Million Records

Incident Date:

September 16, 2024

World map

Overview

Title

Everest Ransomware Hits MCNA Dental Exposing 1 Million Records

Victim

MCNA Dental

Attacker

Everest

Location

Fort Lauderdale, USA

Florida, USA

First Reported

September 16, 2024

Everest Ransomware Group Targets MCNA Dental

MCNA Dental, the largest dental insurer in the United States for government-sponsored Medicaid and Children's Health Insurance Program (CHIP) plans, has fallen victim to a ransomware attack by the Everest ransomware group. The attackers claim to have accessed 1 million patient records, potentially compromising sensitive personal and medical information.

About MCNA Dental

MCNA Dental, officially known as Managed Care of North America, Inc., is a prominent dental benefits administrator based in Fort Lauderdale, Florida. Founded in 1992, the company specializes in providing dental benefits for state-sponsored Medicaid and CHIP programs. Serving over 3.5 million members across seven states, including Florida, Texas, and Idaho, MCNA Dental is recognized for its comprehensive dental services and value-added benefits aimed at improving oral health outcomes.

Attack Overview

The Everest ransomware group has claimed responsibility for the attack on MCNA Dental via their dark web leak site. The group alleges that they have exfiltrated 1 million patient records, which could include sensitive personal and medical information. This breach highlights the vulnerabilities in MCNA Dental's cybersecurity infrastructure, making it a target for sophisticated threat actors.

About Everest Ransomware Group

The Everest ransomware group is a notorious cybercriminal organization active since at least December 2020. Known for its involvement in ransomware attacks, data exfiltration, and initial access brokering, Everest targets organizations across various industries, including healthcare. The group employs a combination of legitimate compromised user accounts and Remote Desktop Protocol (RDP) for lateral movement, using AES and DES algorithms to encrypt files.

Penetration Tactics

Everest ransomware group distinguishes itself through its dual role as a ransomware operator and an Initial Access Broker (IAB). The group often sells backdoors into compromised organizations to other criminals. In the case of MCNA Dental, the attackers likely exploited vulnerabilities in the company's cybersecurity defenses, such as weak RDP configurations or compromised user accounts, to gain unauthorized access to sensitive data.

Implications for MCNA Dental

This attack underscores the critical need for enhanced cybersecurity measures in the healthcare sector, particularly for organizations handling sensitive patient information. As MCNA Dental navigates the aftermath of this breach, the focus will likely be on enhancing their cybersecurity protocols to prevent future incidents.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.