Real World Risk Management Practical HR Resources

Breach Security Often Boils Down To Password Security

A recent data breach at dental benefits provider Managed Care of North America, Inc. (MCNA) affected 8,923,662 individuals. The organization reported the data breach to the Maine Attorney General in May 2023.

On March 6, 2023, the employer discovered that an unauthorized third party was accessing certain systems in its network. The organization reportedly contained the threat immediately and worked with a third-party cybersecurity firm to investigate the breach and determine its nature and scope.

The forensic investigation found that hackers had infected the organization's network with malicious code and removed some personal and protected health information between February 26 and March 7.

Although compromised information varied by person, some of the information in the copied files included "names, addresses, telephone numbers, email addresses, birth dates, Social Security numbers, driver's license numbers, government-issued ID numbers, health insurance information, Medicare/Medicaid ID numbers, group plan names and numbers, and information related to the dental and orthodontic care provided."

MCNA stated that it has enhanced its cybersecurity protections and monitoring practices to help prevent a future data breach. The ransomware group LockBit leaked some of the stolen data on its dark web site and demanded a ransom of $10 million to prevent the publication of the rest of the data.

On April 07, 2023, LockBit published all the stolen files, suggesting a ransom was not paid.

Those impacted by the data breach are being notified and offered one or two years of free credit monitoring, depending on state laws. Steve Alder "Managed Care of North America Hacking Incident Impacts 8.9 Million Individuals" www.hipaajournal.com (May 30, 2023).

Commentary

All industries are vulnerable to efforts to breach organizational networks. Government agencies, financial organizations, insurance companies, phone service providers – the biggest hacks in 2023 involve these types of industries.

Password security is a must. Passwords must not include words found in the dictionary, even if they are slightly altered, or personal information, like a birthdate or a pet's name. Rather, strong passwords should contain many characters (the longer the better) as well as a combination of upper- and lower-case letters, numbers, and special characters. Configure your systems to require passwords to be changed frequently.
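
The rules in the paragraph above can be enforced when a password is set. The following is an added example, not part of the original article: the sample wordlist, the 14-character minimum, the substitution table and the function names are assumptions chosen for illustration. It catches "slightly altered" dictionary words by undoing common character substitutions before comparing.

```python
import re

# Constructed sample wordlist (assumption); a real check would load a full
# dictionary plus a list of known-breached passwords.
DICTIONARY = {"password", "welcome", "dragon", "summer", "dental", "monkey"}

# Common substitutions used to "slightly alter" a dictionary word.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 14  # assumed threshold; the article only says "the longer the better"
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def normalize(text):
    """Lower-case, undo common substitutions, then keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET))


def check_password(password, personal_info=()):
    """Return the list of rule violations; an empty list means it passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if not all(re.search(c, password) for c in CLASSES):
        problems.append("missing character class")

    letters = normalize(password)
    digits = re.sub(r"\D", "", password)
    if any(word in letters for word in DICTIONARY):
        problems.append("contains dictionary word")

    # Names are compared after normalization, numbers (e.g. a birth year) as digits.
    for item in personal_info:
        needle, haystack = (item, digits) if item.isdigit() else (normalize(item), letters)
        if needle and needle in haystack:
            problems.append("contains personal information")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw in ("P@ssw0rd2023!", "R3x-the-Dog-1984-rules", "Tr7!kvu-Zqe9#plmA2x"):
        print(pw, check_password(pw, personal_info=("Rex", "1984")))
```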

Additional breach-preventing practices include: implement multi-factor authentication; use firewalls; control access to information you want protected; limit network access; control physical access; protect mobile devices; train employees on password, phishing, and business email compromises; maintain anti-virus software; and instill a culture of cybersecurity in your organization.

 
