Major Data Breaches in July 2023
Managed Care of North America (MCNA)
US Dental Insurance Provider
News Coverage : Tech Crunch
Breach Size: 9 Million
Data Exposed: Names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver’s licenses or other government-issued ID numbers, health insurance plan information and Medicaid ID numbers, along with bill and insurance claim information.
The Russian ransomware group Lockbit successfully gained access to MCNA systems and a significant amount of patients’ personal data was compromised. The group publicly disclosed all the stolen files from the data breach after their demand for a US $10 million ransom was denied by the company.
When the breach was uncovered, MCNA immediately began an investigation with law enforcement and is working to strengthen its computer systems in an effort to avoid future data breaches.
News Coverage: Forbes
Breach Size: 11 Million+
Data Exposed: Patient names, addresses, emails, phone numbers, dates of birth, genders, service dates, appointment locations, and appointment dates.
Private sensitive patient information for over 11 million HCA Healthcare patients was compromised when hackers gained access to external storage within an email automation platform used to send patient alerts.
HCA operates more than 180 hospitals and 2,000 care locations, such as walk-in clinics, across 20 states and the U.K.
The company stated that they have “disabled user access to the storage location as an immediate containment measure and plans to contact any impacted patients to provide additional information and support, in accordance with its legal and regulatory obligations, and will offer credit monitoring and identity protection services, where appropriate.
Cloud Computing Software
News Coverage: The Verge
Breach Size: 30 Million+
Data Exposed: Hackers accessed a large database containing more than 30 million Microsoft accounts, emails, and passwords.
When Chinese hacking group Storm-0558 stole a Microsoft private encryption key to access email accounts of high-level government officials, they also gained access to every Microsoft application that supports personal account authentication. This includes popular Microsoft applications such as SharePoint, Teams, OneDrive, as well as any 3rd applications that support login with Microsoft functionality. The breach remained undetected for a month until an investigation began following customer-reported information.
The full impact of this incident is thought to be much larger than what Microsoft has disclosed up to this point.
MOVEit Breach (UPDATE)
File Transfer Software
News Coverage: TechRadar
Updated Breach Size: 455 Organizations, 23 Million+ individuals
Data Exposed: Sensitive data of commercial and individual clients, including personally identifiable information of individuals.
The Russian ransomware group The Clop initiated a series of highly-automated cyberattacks over Memorial Day weekend. The group is intensifying its tactics to coerce victims into paying a ransom.
Among the victims of these attacks are prominent organizations such as Honeywell, Sun Life Assurance, University of Texas Southwestern Medical Center, Bristol Myers Squibb, and Radisson hotels.
A security alert and patch for MOVEit was issued on May 31 that blocked further attacks. Whether or not additional attacks continued following the patch has not been disclosed.
IDSeal can help
We get it. Being part of a data breach can be scary. While you can’t undo what has already been done, you can be prepared for the next steps when you have IDSeal.
If your information is compromised, chances are it will end up for sale on the dark web. IDSeal members have their personal and financial information monitored around the clock, so if it’s found on the dark web, they’ll receive a notification with instructions on the next steps to take.
If your information is used without your consent, IDSeal will be there to help with our licensed restoration specialists. Our protection plans even include up to $1M in insurance² to help recover any losses associated with identity theft.
The most important piece? You don’t have to be alone. IDSeal will be by your side every step of the way, from the moment you get an alert and suspect identity theft until the time you receive reimbursement for lost funds.