The Everest Ransomware Team has a new post on their leak site:
Company has the last 24 hours to contact us using the instructions left.In case of silence, all data will be published More than 1 million personal EMR’s + different internal company documents
But was this a new incident or were they just trying to ransom some data that was hacked back in February 2023?
The 2023 Ransomware Incident
As DataBreaches reported in May 2023, MCNA Dental suffered a confirmed hack back in February 2023. The attack was originally claimed by LockBit in March 2023 and supposedly leaked in April of 2023, but the leak URLs did not work when DataBreaches checked them in May. In May of 2023, MCNA reported the incident to the Maine Attorney General’s Office as affecting 8,923,662 people. It was reported to HHS the same week as affecting 8,861,076 patients.
A 2024 Incident, Too?
In its new post, Everest Team provides a few entries with patient data, but none of them are even relatively recent. DataBreaches sent email inquiries both to Everest Team and to MCNA Dental to ask whether this is a new incident or if it involves last year’s hack and data.
Everest Team immediately replied that this is a new hack. No reply from MCNA Dental was immediately available.
There is already one consolidated class action lawsuit against MCNA Dental in the Southern District of Florida (Case 0:23-cv-61065) over last year’s ransomware attack and HHS’s investigation into that 2023 incident is not yet closed. Will MCNA Dental find itself facing additional scrutiny from HHS and from patients over what Everest Team claims is a second and new attack?