Breach Security Often Boils Down To Password Security

A recent data breach at dental benefits provider Managed Care of North America, Inc. (MCNA) affected 8,923,662 individuals. The organization reported the data breach to the Maine Attorney General in May 2023.

On March 6, 2023, the employer discovered that an unauthorized third party was accessing certain systems in its network. The organization reportedly contained the threat immediately and worked with a third-party cybersecurity firm to investigate the breach and determine its nature and scope.

The forensic investigation found that hackers had infected the organization's network with malicious code and removed some personal and protected health information between February 26 and March 7.

Although compromised information varied by person, some of the information in the copied files included "names, addresses, telephone numbers, email addresses, birth dates, Social Security numbers, driver's license numbers, government-issued ID numbers, health insurance information, Medicare/Medicaid ID numbers, group plan names and numbers, and information related to the dental and orthodontic care provided."

MCNA stated that it has enhanced its cybersecurity protections and monitoring practices to help prevent a future data breach. The ransomware group LockBit leaked some of the stolen data on its dark web site and demanded a ransom of $10 million to prevent the publication of the rest of the data.

On April 07, 2023, LockBit published all the stolen files, suggesting a ransom was not paid.

Those impacted by the data breach are being notified and offered one or two years of free credit monitoring, depending on state laws.

Steve Alder, "Managed Care of North America Hacking Incident Impacts 8.9 Million Individuals," www.hipaajournal.com (May 30, 2023).

Commentary

All industries are vulnerable to efforts to breach organizational networks. Government agencies, financial organizations, insurance companies, phone service providers – the biggest hacks in 2023 involve these types of industries.

Password security is a must. Passwords must not include words found in the dictionary, even if they are slightly altered, or personal information, like a birthdate or a pet's name. Rather, strong passwords should contain many characters (the longer the better) as well as a combination of upper- and lower-case letters, numbers, and special characters. Configure your systems to require passwords to be changed frequently.
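The password rules above can be enforced when a password is set. The following is an added example, not code from the article or from MCNA; the sample wordlist, the 14-character minimum, and the function names are assumptions chosen for illustration.

```python
import re

# Constructed sample wordlist; a real deployment would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "summer", "welcome", "dental", "monkey"}
# Common substitutions used to "slightly alter" a dictionary word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})
MIN_LENGTH = 14  # assumed threshold; the article only says "the longer the better"
CLASSES = {"upper-case letter": r"[A-Z]", "lower-case letter": r"[a-z]",
           "number": r"[0-9]", "special character": r"[^A-Za-z0-9]"}


def normalize(text):
    """Lower-case, undo common substitutions, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, personal_info=(), words=SAMPLE_WORDS):
    """Return a list of policy violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    for name, pattern in CLASSES.items():
        if not re.search(pattern, password):
            problems.append(f"missing {name}")
    plain = normalize(password)            # catches P@ssw0rd as "password"
    digits = re.sub(r"\D", "", password)   # raw digits, for dates and years
    for word in sorted(words):
        if len(word) >= 4 and word in plain:
            problems.append(f"contains dictionary word '{word}'")
    for item in personal_info:
        # Split "06/14/1987" or "Rex Smith" into tokens and test each one.
        tokens = re.findall(r"[A-Za-z]+|\d+", item)
        hit = any((t.isalpha() and len(t) >= 3 and t.lower() in plain) or
                  (t.isdigit() and len(t) >= 4 and t in digits)
                  for t in tokens)
        if hit:
            problems.append(f"contains personal information '{item}'")
    return problems


if __name__ == "__main__":
    # Constructed test passwords and personal details.
    for pw in ("P@ssw0rd2023!", "Rex1987!Rex1987!", "vK9#tq2LmZ7&xPw4Rb"):
        print(pw, "->", check_password(pw, ["Rex", "06/14/1987"]) or "ok")
```

The first sample has all four character classes yet still fails, because undoing the substitutions exposes the dictionary word; the second fails on the pet name and birth year.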

Additional breach-preventing practices include: implement multi-factor authentication; use firewalls; control access to information you want protected; limit network access; control physical access; protect mobile devices; train employees on password, phishing, and business email compromises; maintain anti-virus software; and instill a culture of cybersecurity in your organization.
