Hacking Group Claims Responsibility for Multi-Million-Record DentaQuest Data Breach
Wellesley, MA-based DentaQuest, a dental benefits administrator that manages the benefits for 32 million Americans, has announced it is actively managing a cybersecurity incident involving unauthorized access to a limited part of its network. According to its website notice, immediate action was taken to contain and mitigate the threat, and the company is working with a leading cybersecurity expert, forensic investigators, and law enforcement authorities. If the data breach is confirmed as affecting 2.6 million individuals, it will rank as one of the largest healthcare data breaches of the year to date.
DentaQuest, part of Sun Life U.S. Dental, is the largest Medicaid and Children’s Health Insurance Program dental benefits administrator in the country, operating in 50 U.S. states. The company has yet to determine the exact scope of the incident and the extent to which sensitive data has been compromised. The company has promised to update clients and ensure that they receive information as quickly and transparently as possible.
The digital extortion group ShinyHunters has claimed responsibility for the incident and has added DentaQuest to its dark web data leak site. The group specializes in data theft and extortion and claims to have exfiltrated 234 GB of data from DentaQuest systems. ShinyHunters explained on its data leak site that it has attempted to negotiate a ransom payment with DentaQuest to prevent the publication of stolen data, but despite exercising considerable patience and making multiple offers, it failed to reach an agreement with DentaQuest. As a result of the failure, ShinyHunters proceeded to leak the stolen data.
Have I Been Pwned (HIBP) has analyzed the leaked data, which contains the unique email addresses of 2.6 million individuals, along with names, addresses, phone numbers, dates of birth, and genders. HIBP said the leaked data appears in healthcare enrollment files (ASC X12 transaction sets), some of which include information such as Medicaid IDs, other government-issued IDs, and health insurance information. Around 66% of the records exposed were already in its database, having been breached in previous incidents.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
While Social Security numbers did not at first appear to have been compromised based on the HIBP analysis, one folder has been found in the dataset that appears to include more than 1.7 million unique Social Security numbers, linked to an organization in Texas. According to the security researcher who found the folder, they appear to relate to children. It will likely take a considerable amount of time to review the affected data. Hundreds of thousands of files have been exfiltrated and made available for download. The researcher reports that the data goes back several years, to at least 2009, and potentially further.
This article has been updated since publication, as further information has come to light indicating that Social Security numbers are likely present in the dataset.
