Managed Care of North America (MCNA) Dental Data Breach Affects 9 Million Patients

Managed Care of North America (MCNA) Dental has confirmed that hackers stole almost 9 million patients’ data in a data breach. In a data breach notification posted to the organization’s website on May 26, MCNA says that cybercriminals gained access to its network on February 26. However, it only became aware of the intrusion on March 6. In that time, cybercriminals were able to steal the personal data of 8.9 million patients.

That data includes:

• Full name
• Address
• Date of birth
• Phone number
• Email
• Social Security number
• Driver’s license number
• Government-issued ID number
• Health insurance (plan information, insurance company, member number, Medicaid-Medicare ID numbers)

MCNA has notified the Office of the Maine Attorney General that the breach impacted 8,923,662 individuals, including patients, parents, guardians, and guarantors.

Response and Remediation Efforts

The government-sponsored dental care and oral health insurance provider has notified impacted individuals and offered them 12 months of complimentary identity theft protection and credit monitoring through IDX. As MCNA doesn’t have current addresses for all those affected, they have published a substitute notification on the IDX website.

LockBit Ransomware Gang's Involvement

The LockBit ransomware gang claimed responsibility for the attack on March 7, threatening to publish 700GB of sensitive information unless MCNA paid a $10 million ransom. LockBit published the stolen data on April 7.