A ransomware attack in February against MCNA Dental Insurance, one of America’s largest dental health insurers, exposed the personal information nearly nine million patients in the largest breach of health information so far this year.
“The information stolen includes a trove of patients’ personal data, including names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver’s licenses or other government-issued ID numbers,” TechCrunch reports.
“Hackers also accessed patients’ health insurance data, including plan information and Medicaid ID numbers, along with bill and insurance claim information. In some cases, some of this data pertained to a patient’s ‘parent, guardian, or guarantor,’ according to MCNA Dental, suggesting that children’s personal data was accessed during the breach.”
Takeaway: Criminal ransomware groups have shown time and time again that there is no line they will not cross. Whatever data these groups can extract from a target will be weaponize in their extortion schemes. The patients whose personal information is stolen will continue to be at risk of identity theft and financial fraud well into the unforeseeable future.
Ransomware attacks that include the theft of sensitive data will continue unabated until the profit motives for the threat actors are eliminated. This is organized crime we are dealing with; they only care about bringing pain to victims for their own financial gain.
Ransomware groups continue to victimize the insurance providers simply because they are for the most part easy targets, and they have a wealth of personally identifiable information.
Legacy security tools like Antivirus and NextGen Antivirus are simply not designed to address the unique threat that ransomware presents. And even if the insurance and healthcare sectors had better solutions to assist them, they would still lack the staff to properly manage them and realize any benefits.
To protect themselves and their patients, organizations that handle personally identifiable information (PII/PHI) must reevaluate what kinds of data they collect and store and for how long. Eliminating the unnecessary storage of sensitive data will make organizations a less attractive target to attackers and help reduce collateral damage after a successful attack.
Since the options for prevention are limited, the focus should on implementing a resilience strategy and assume they will be the victim of a ransomware attack and have the contingencies in place to recover as quickly as possible. This includes endpoint protection solutions, patch management, data backups, access controls, staff awareness training, and organizational procedure and resilience testing to be successful.
Organizations need to plan for failure by running regular tabletop exercises and ensuring all stakeholders are ready and available to respond to an attack at all times. A determined attacker with enough time and resources is going to find a way around security controls. Planning to be resilient in the aftermath of a successful ransomware attack is the best advice there is - putting all your efforts into prevention alone is just not going to be enough.
Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.