Extended MLTC

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Breach at Extended MLTC NY

Extended MLTC, LLC was one of the entities affected by a significant data breach reported by Managed Care of North America, Inc. (MCNA), which also does business as MCNA Dental. This breach is considered the largest healthcare data breach reported by a single covered entity in the year it occurred, impacting approximately 8.9 million individuals[1].

Details of the Breach

The breach was discovered on March 6, 2023, when MCNA found that an unauthorized third party had accessed certain systems within its IT network. The threat was contained immediately, and a third-party cybersecurity firm was engaged to investigate the intrusion[1].

Information Compromised

The types of compromised information varied from individual to individual but included protected health information such as addresses, telephone numbers, email addresses, birth dates, Social Security numbers, driver’s license numbers, government-issued ID numbers, health insurance information, Medicare/Medicaid ID numbers, group plan names and numbers, and information related to dental and orthodontic care provided[1].

Response to the Breach

MCNA has enhanced its security controls and monitoring practices to minimize the risk of further incidents. The LockBit ransomware group claimed responsibility for the attack and demanded a $10 million ransom to prevent the publication of all the stolen data. The ransom was not paid, and the group published the stolen files on April 7, 2023[1].

Affected individuals are being notified and offered complimentary credit monitoring services for 1 or 2 years, as dictated by the minimum terms required by state laws. MCNA sent notifications on behalf of various insurance plans, including Extended MLTC, LLC[1].

Legal and Regulatory Actions

There is no specific information provided in the search results about legal or regulatory actions taken against Extended MLTC, LLC as a result of the breach. However, such incidents often lead to investigations by state attorneys general and could result in fines and settlements, as seen in other cases[5][11].

Conclusion

The breach at Extended MLTC, LLC is part of a larger cybersecurity incident affecting MCNA and numerous other entities. The incident underscores the importance of robust cybersecurity measures and the potential consequences of data breaches in the healthcare sector. Affected individuals should take steps to monitor their accounts and credit reports for any unusual activity.

Citations:

  1. https://www.hipaajournal.com/managed-care-of-north-america-hacking-incident-impacts-8-9-million-individuals/
  2. https://healthfirst.org/newsroom/healthfirst-reports-privacy-breach-impacting-1811-members
  3. https://www.health.ny.gov/health_care/medicaid/redesign/mrt90/mltc_policy/21-03.htm
  4. https://www.myinjuryattorney.com/managed-care-of-north-america-inc-data-breach-investigation/
  5. https://ag.ny.gov/press-release/2023/attorney-general-james-secures-350000-long-island-home-health-care-company
  6. https://www.health.ny.gov/health_care/medicaid/redesign/mrt90/mltc_policy/docs/2022-04-27_mltc_22-01.pdf
  7. https://www.vnshealthplans.org/notice-of-independent-living-systems-data-breach/
  8. https://www.health.ny.gov/health_care/medicaid/redesign/mltc_policy_15-07.htm
  9. https://www.medicaidplanningassistance.org/new-york-managed-long-term-care/
  10. https://www.nytimes.com/2013/04/26/nyregion/new-york-suspends-enrollment-in-long-term-care-plan.html
  11. https://spectrumlocalnews.com/nys/central-ny/news/2023/11/08/ag-james-secures–450-000-from-wny-medical-company-for-data-breach
  12. https://spectrumlocalnews.com/nys/central-ny/politics/2024/02/08/managed-long-term-care-plans-fight-n-y–bill-to-eliminate-them
  13. http://health.wnylc.com/health/news/78/
  14. https://www.nysenate.gov/legislation/bills/2023/S7800
  15. http://health.wnylc.com/health/entry/114/
  16. https://www.chiefhealthcareexecutive.com/view/cyberattack-of-new-york-hospitals-prompts-diversion-of-patients-it-systems-shut-down
Breach Submission Date Sep 26, 2022
Converted Entity Name Extended MLTC
Converted Entity Type Health Plan
State NY
Individuals Affected 5,494
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes