case study1

MCNA Dental experienced a significant ransomware attack in March 2023, orchestrated by the LockBit group, resulting in the compromise of personal information of approximately 8.9 million individuals. The attackers demanded a $10 million ransom, which was not paid, leading to the publication of stolen data on the dark web. In response, MCNA has enhanced its security measures and offered credit monitoring services to affected individuals.

Uploaded by

raspi.project13

Case Study

Ransomware Attack

MCNA Dental

© Copyright IBM Corp. 2023


1. Description of the Attack Category
Ransomware is a type of malicious software (malware) that encrypts a victim's files or locks them out of their
system, demanding a ransom payment to restore access. The attack typically begins with the delivery of the
ransomware payload through phishing emails, malicious websites, or exploiting vulnerabilities in software.
Once the ransomware is executed, it encrypts the victim's data and displays a ransom note with instructions on
how to pay the ransom, usually in cryptocurrency, to obtain the decryption key. Ransomware attacks can be
devastating, causing significant operational disruptions, financial losses, and reputational damage. There are
different types of ransomware, including:

• Encrypting Ransomware: Encrypts files and demands a ransom for the decryption key.
• Locker Ransomware: Locks the victim out of their device entirely, demanding a ransom to unlock it.
• Double Extortion Ransomware: Encrypts data and threatens to release stolen data publicly if the ransom
is not paid.

2. Statistics about Ransomware Attacks

Ransomware attacks have been on the rise, with significant financial impacts on organizations. According to
the 2022 Verizon Data Breach Investigations Report, ransomware attacks surged by 13%, highlighting the
increasing prevalence and severity of such incidents. Additionally, the average ransom payment in 2024 is
reported to be $2.73 million, an increase of almost $1 million from 2023 [2]. These statistics underscore the critical
need for robust cybersecurity measures to prevent and mitigate the impact of ransomware attacks.

SOURCES:
1. https://www.varonis.com/blog/ransomware-statistics
2. https://www.ibm.com/topics/ransomware

Description of the Company and Incident Summary

MCNA Insurance, also known as MCNA Dental, is a prominent provider of dental benefits and services, primarily catering to state Medicaid and Children's Health Insurance Programs (CHIP). The company is headquartered in the United States and serves millions of individuals, including children and seniors, through government-sponsored plans. MCNA Dental is recognized for its extensive network of dental care providers and its commitment to improving oral health outcomes for underserved populations.

In March 2023, MCNA Insurance experienced a significant data breach resulting from a ransomware attack. The attack was orchestrated by the notorious LockBit ransomware group, which gained unauthorized access to MCNA's computer systems on February 26, 2023. The attackers were able to infiltrate the network and exfiltrate sensitive data over a period of several days, concluding on March 7, 2023 [2].

The breach compromised the personal information of approximately 8.9 million individuals, making it one of the largest healthcare data breaches of the year. The stolen data included names, addresses, dates of birth, phone numbers, email addresses, Social Security numbers, and driver's licenses or other government-issued ID numbers [3]. Additionally, the attackers accessed patients' health insurance data, including plan information and Medicaid ID numbers, along with billing and insurance claim information.

MCNA Insurance promptly detected the unusual activity on its network and initiated an investigation with the help of third-party cybersecurity experts. Despite these efforts, the LockBit group demanded a $10 million ransom to prevent the publication of the stolen data [1]. When the ransom was not paid, the attackers published the stolen files on their dark web leak site.

In response to the breach, MCNA Insurance has taken several measures to enhance its security posture, including implementing additional security controls and monitoring practices to prevent future incidents. The company also notified affected individuals and regulatory authorities, offering complimentary credit monitoring services to those impacted by the breach [2].

Timeline

1. March 2023: MCNA Insurance detects unusual activity on its network.
2. March 2023: The company confirms a ransomware attack and begins an investigation.
3. April 2023: MCNA Insurance notifies affected individuals and regulatory authorities about the breach.
4. April 2023: The company works with cybersecurity experts to contain the breach and restore systems.
5. May 2023: MCNA Insurance implements additional security measures to prevent future attacks.
6. June 2023: The company provides free credit monitoring services to affected individuals.

Vulnerabilities

• Vulnerability 1: Lack of Multi-Factor Authentication (MFA): The absence of MFA made it easier for attackers to gain unauthorized access to the network.
• Vulnerability 2: Outdated Software: The use of outdated software with known vulnerabilities provided an entry point for the attackers.
• Vulnerability 3: Insufficient Employee Training: Employees were not adequately trained to recognize phishing attempts, which facilitated the initial compromise.
• Vulnerability 4: Weak Network Segmentation: Poor network segmentation allowed the attackers to move laterally within the network and access sensitive data.

Prevention

1. Implement Multi-Factor Authentication (MFA): Enhance security by requiring multiple forms of verification for access.
2. Regular Software Updates: Ensure all software is up-to-date with the latest security patches.
3. Employee Training: Conduct regular training sessions to educate employees about phishing and other cyber threats.
4. Network Segmentation: Implement strong network segmentation to limit the spread of attacks within the network.
5. Regular Security Audits: Perform regular security audits to identify and address vulnerabilities.
