The Weekly breach Breakdown Podcast by ITRC - Inconceivable - S4E15

Show Transcript

Welcome to the Identity Theft Resource Center’s (ITRC) Weekly Breach Breakdown for June 9, 2023. Thanks to Sentilink for their support of the podcast and the ITRC. Each week, we look at the most recent events and trends related to data security and privacy. This week, we look back at some of May’s most notable data breaches. We look at one particular breach involving a dental insurance company that has impacted hundreds of organizations and millions of individuals, the MCNA data breach.

One of the memorable parts of the 1987 classic film The Princess Bride is Vizzini saying “inconceivable!” throughout the movie. Vizzini has to deal with his less-committed henchmen when trying to kidnap and murder Princess Buttercup. Vizzini screams, “inconceivable!” whenever his plan goes awry. It is the appropriate title for this week’s podcast because there are probably a lot of organizations impacted by the MCNA data breach yelling “inconceivable!” right about now.

May Notable Data Breaches

The ITRC tracked 290 data compromises in May, impacting 19 million people. The most notable breach in the month was MCNA Insurance Company, the largest dental insurer in the nation for government-sponsored Medicaid and Children’s Health Insurance programs.

MCNA Data Breach

According to TechCrunch and the Office of the Maine Attorney General, the third-party MCNA data breach was due to a ransomware attack, which allowed criminals to see and take copies of information in the computer system. So far, the breach has affected 112 organizations and 8.9 million people. Personal information involved includes Social Security numbers (SSN), Driver’s License numbers, health insurance information, bill and insurance claims and more. This is the largest breach of health information in 2023 to date.

Rise in Third-Party Data Breaches

Last month on the podcast, we mentioned that the ITRC had begun to notice a rise in third and fourth-party medical data breaches. The trend has continued, especially with third-party breaches. In May, 178 organizations were impacted by a third-party incident.

Enzo Biochem Data Compromise

While this data compromise was reported at the beginning of June, the ITRC also tracked another due to a ransomware attack, this one happening to Enzo Biochem, a New York-based biotechnology company. The attack exposed the clinical test information of almost 2.5 million patients.

ITRC to Release H1 Data Breach Analysis

These are trends the ITRC continues to follow very closely. Next month, we will release our H1 Data Breach Analysis, which will look at the first half of the year. We will have more information on the sharp rise in third-party data compromises in Q2, like the MCNA data breach.

Apria Healthcare Data Breach

Apria Healthcare reported a data breach due to a cyberattack. An identity criminal accessed Apria’s system in 2019. The company discovered the incident in September 2021. It is just now being reported. Approximately 1.8 million victims were impacted, and personal information like medical, health insurance, and financial information was involved.

What to Do if You Receive a Data Breach Notice

If you ever get a data breach notice, be sure to follow all of the instructions in the notice. Also, change your login credentials for impacted accounts and other accounts with the same email, username or password.

Contact the ITRC

If you want to know more about how to protect your business or personal information, or if you think you have been the victim of an identity crime, you can speak with an expert ITRC advisor on the phone, chat live on the web, or exchange emails during our normal business hours (Monday-Friday, 6 a.m.-5 p.m. PST). Just visit www.idtheftcenter.org to get started.

Thanks again to Sentilink for their support of the ITRC and this podcast. Later this month, we will have a special episode of The Fraudian Slip podcast with Intellectual Technology, Inc. We will return next week with another episode of the Weekly Breach Breakdown.