Canadian dental benefits administrator Alberta Dental Service Corporation (ADSC) has started informing roughly 1.47 million individuals that their personal information was compromised in a ransomware attack last month.
The intrusion was initially discovered on July 9, but the full scope of the data breach was determined only two weeks later.
In an incident notification, ADSC reveals that individuals enrolled in the Alberta Government’s Dental Assistance for Seniors Plan, the Alberta Government’s Low-Income Health Benefits Plans, and Quikcard were impacted.
Quikcard brokers and dental services providers that enrolled with ADSC to receive direct payment for eligible health claims were also impacted.
The attackers, ADSC says, had access to its network for more than two months before deploying file-encrypting malware. During this time, the attackers copied certain data from the compromised systems, including files containing personal and banking information.
“In total, approximately 1.47 million individuals were compromised. Of those, less than 7,300 records contained personal banking information. Only those who proactively provided their banking details to ADSC could have had that information accessed,” ADSC says.
Potentially compromised information, the organization says, varies depending on the benefits plan, but may include names, addresses, birth dates, government issued identification numbers, details of dental benefits claims, personal bank account numbers, corporate emails, and corporate bank accounts.
ADSC says it was able to recover the affected systems and data with minimal impact to its operations.
“ADSC has taken steps to ensure that any personal or corporate information which was accessed or copied from its systems as a result of this incident has been deleted and protected against fraudulent misuse,” ADSC says.
While the organization does not provide specific details on the ransomware gang behind the attack, IT World Canada claims that ADSC president Lyle Best has confirmed that a ransom payment was made to the 8Base ransomware gang, which provided proof that the stolen data was deleted.
Best did not disclose the ransom amount that was paid, but reportedly said that the initial intrusion vector was a phishing email and that the organization was able to restore the encrypted data from backups.