DentaQuest is managing a cybersecurity incident involving unauthorized access to a limited part of its network, while leaked data associated with the incident contains records tied to 2.6 million individuals following a claimed data theft by the ShinyHunters group.
Incident Overview
DentaQuest, based in Wellesley, Massachusetts, is a dental benefits administrator managing coverage for approximately 32 million Americans, making it the largest administrator of Medicaid and Children’s Health Insurance Program dental benefits in the United States. Its operations extend across all 50 U.S. states.
The organization reported an active cybersecurity incident related to unauthorized access to part of its network. Immediate containment and mitigation actions were taken after detection of the activity. DentaQuest sought the assistance of a cybersecurity specialist, forensic investigators, and law enforcement authorities to support response efforts.
The full scope of the incident remains under assessment. There is no confirmation yet regarding the total extent of data exposure, and the evaluation of impacted systems is still ongoing. Updates are expected to be provided to affected parties as additional information becomes available.
Threat Actor Claim and Extortion Activity
The threat group ShinyHunters has claimed responsibility for the incident and listed DentaQuest on its data leak site hosted on the dark web. The group is known for data theft and extortion activity.
ShinyHunters stated that it accessed and stole approximately 234 GB of data from DentaQuest systems. The group also reported attempting to negotiate a ransom payment in exchange for halting the publication of the stolen information. Negotiations reportedly failed after multiple offers, and the group then proceeded to publish the data through its leak site.
Leaked Data Analysis
Analysis conducted by Have I Been Pwned identified that the leaked dataset contains unique email addresses associated with approximately 2.6 million individuals. The exposed information included names, physical addresses, telephone numbers, birth dates, and gender data.
The dataset appears to originate from healthcare enrollment records structured in ASC X12 transaction sets. Some healthcare enrollment records include Medicaid identifiers, other government-issued identifiers, and medical insurance-related details.
Approximately 66 percent of the records identified in the leaked dataset were already present in the Have I Been Pwned database due to prior unrelated incidents.
Exposure and Risk Context
Current analysis states that Social Security numbers were not leaked. The absence of these identifiers reduces direct pathways to identity theft through this specific dataset.
Exposure of email addresses and contact information introduces risk related to targeted phishing activity and social engineering attempts. Individuals affected by the dataset may be targeted using personal and enrollment-related details contained in the exposed records.
The incident, if confirmed at the current estimated scale, would represent one of the larger data breaches reported by a HIPAA-covered entity during the year to date.


