A cyberattack on a dental insurer has resulted in a data breach affecting nearly nine million individuals in the United States, as reported in documents filed with state regulators. Managed Care of North America (MCNA), the country’s largest dental insurer for government-sponsored Medicaid and Children’s Health Insurance Programs, serves over five million members across eight states.
The incident was first identified by MCNA’s IT team on March 6 when they became aware of a hack. Further investigation revealed that certain systems within the network had potentially been infected with malicious code. The ransomware group LockBit claimed responsibility for the attack on March 27, stating that they had gained access to 700 gigabytes of data. An extensive cybersecurity investigation, conducted by a third-party firm, concluded on May 3 and uncovered evidence that hackers had infiltrated MCNA’s systems between February 26 and March 7, copying various types of information.
Following the company’s refusal to pay a $10 million ransom, LockBit published all the stolen files on April 6. The breach encompassed a wide range of sensitive data, including full names, dates of birth, addresses, phone numbers, email addresses, Social Security numbers, driver’s license numbers, government-issued identification numbers, health insurance information (such as plan names and insurer details), and data related to dental and orthodontic care.
In addition to this, the compromised information also included more specific details about patient visits, such as the name of the treating dentist, X-rays, photos, treatment records, and invoices. Some of the stolen data pertained to the parents or guardians of patients as well.
MCNA promptly initiated a forensic investigation as soon as they discovered the breach. They took immediate measures to mitigate and remediate the incident, prevent any further unauthorized activity, and contacted law enforcement. The company shared breach notification letters with state regulators in Maine, outlining the steps they had taken in response to the breach.
To assist the affected individuals, MCNA is offering 12 months of identity protection services to the 8,923,662 people impacted by the breach. It is important to note that MCNA is issuing these letters on behalf of over 100 organizations, including numerous government agencies and various unions representing teachers, police officers, nurses, and other professionals.
In summary, a cyberattack targeting MCNA, the largest dental insurer for government-sponsored programs in the US, has resulted in a data breach impacting nearly nine million people. The breach compromised a wide range of personal and sensitive information, including names, addresses, Social Security numbers, and dental care records. MCNA has taken immediate action to investigate the incident, mitigate its effects, and offer identity protection services to the affected individuals.