Extended MLTC
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
Breach at Extended MLTC NY
Extended MLTC, LLC was one of the entities affected by a significant data breach reported by Managed Care of North America, Inc. (MCNA), which also does business as MCNA Dental. This breach is considered the largest healthcare data breach reported by a single covered entity in the year it occurred, impacting approximately 8.9 million individuals[1].
Details of the Breach
The breach was discovered on March 6, 2023, when MCNA found that an unauthorized third party had accessed certain systems within its IT network. The threat was contained immediately, and a third-party cybersecurity firm was engaged to investigate the intrusion[1].
Information Compromised
The types of compromised information varied from individual to individual but included protected health information such as addresses, telephone numbers, email addresses, birth dates, Social Security numbers, driver’s license numbers, government-issued ID numbers, health insurance information, Medicare/Medicaid ID numbers, group plan names and numbers, and information related to dental and orthodontic care provided[1].
Response to the Breach
MCNA has enhanced its security controls and monitoring practices to minimize the risk of further incidents. The LockBit ransomware group claimed responsibility for the attack and demanded a $10 million ransom to prevent the publication of all the stolen data. The ransom was not paid, and the group published the stolen files on April 7, 2023[1].
Affected individuals are being notified and offered complimentary credit monitoring services for 1 or 2 years, as dictated by the minimum terms required by state laws. MCNA sent notifications on behalf of various insurance plans, including Extended MLTC, LLC[1].
Legal and Regulatory Actions
There is no specific information provided in the search results about legal or regulatory actions taken against Extended MLTC, LLC as a result of the breach. However, such incidents often lead to investigations by state attorneys general and could result in fines and settlements, as seen in other cases[5][11].
Conclusion
The breach at Extended MLTC, LLC is part of a larger cybersecurity incident affecting MCNA and numerous other entities. The incident underscores the importance of robust cybersecurity measures and the potential consequences of data breaches in the healthcare sector. Affected individuals should take steps to monitor their accounts and credit reports for any unusual activity.
Citations:
- https://www.hipaajournal.com/managed-care-of-north-america-hacking-incident-impacts-8-9-million-individuals/
- https://healthfirst.org/newsroom/healthfirst-reports-privacy-breach-impacting-1811-members
- https://www.health.ny.gov/health_care/medicaid/redesign/mrt90/mltc_policy/21-03.htm
- https://www.myinjuryattorney.com/managed-care-of-north-america-inc-data-breach-investigation/
- https://ag.ny.gov/press-release/2023/attorney-general-james-secures-350000-long-island-home-health-care-company
- https://www.health.ny.gov/health_care/medicaid/redesign/mrt90/mltc_policy/docs/2022-04-27_mltc_22-01.pdf
- https://www.vnshealthplans.org/notice-of-independent-living-systems-data-breach/
- https://www.health.ny.gov/health_care/medicaid/redesign/mltc_policy_15-07.htm
- https://www.medicaidplanningassistance.org/new-york-managed-long-term-care/
- https://www.nytimes.com/2013/04/26/nyregion/new-york-suspends-enrollment-in-long-term-care-plan.html
- https://spectrumlocalnews.com/nys/central-ny/news/2023/11/08/ag-james-secures–450-000-from-wny-medical-company-for-data-breach
- https://spectrumlocalnews.com/nys/central-ny/politics/2024/02/08/managed-long-term-care-plans-fight-n-y–bill-to-eliminate-them
- http://health.wnylc.com/health/news/78/
- https://www.nysenate.gov/legislation/bills/2023/S7800
- http://health.wnylc.com/health/entry/114/
- https://www.chiefhealthcareexecutive.com/view/cyberattack-of-new-york-hospitals-prompts-diversion-of-patients-it-systems-shut-down