Managed Care of North America (MCNA)

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In February 2023, Managed Care of North America (MCNA) Dental, a prominent dental insurance provider based in Atlanta, Georgia, experienced a significant cybersecurity incident. This breach, which is considered the largest healthcare data breach of 2023 so far, resulted in unauthorized access to the personal and health information of nearly nine million individuals[1][2]. The cybercriminals, identified as the LockBit ransomware group, infiltrated MCNA Dental’s computer network between February 26 and March 7, 2023, deploying malicious code and exfiltrating a vast amount of sensitive data[1][2].

The compromised information includes names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, driver’s licenses or other government-issued ID numbers, health insurance data (including plan information and Medicaid/Medicare ID numbers), and detailed dental or orthodontic treatment information. In some instances, the data pertained to a patient’s parent, guardian, or guarantor, indicating that children’s personal data was also accessed during the breach[1][2].

Following the breach, MCNA Dental undertook measures to enhance its security and monitoring practices and began notifying affected individuals, offering them complimentary credit monitoring and identity protection services[3]. Despite these efforts, the breach has raised significant concerns regarding the privacy and security of sensitive personal and health information, particularly for vulnerable populations such as low-income individuals and children who are among MCNA Dental’s clientele[1].

The LockBit ransomware group, which has been linked to Russia and has claimed responsibility for several high-profile cyberattacks, demanded a $10 million ransom from MCNA Dental. When the demand was not met, the group published the stolen files on its dark web page in April 2023[1][2]. This incident underscores the growing threat of ransomware attacks on healthcare providers and the critical need for robust cybersecurity measures to protect sensitive patient information.

In response to the breach, several law firms have initiated investigations into MCNA Dental for potential negligence and violations of state consumer protection laws, exploring legal avenues to secure compensation for the affected individuals[1][4][5]. The breach has also prompted a broader discussion on the adequacy of current data protection practices in the healthcare industry and the need for stronger regulatory frameworks to safeguard patient data against cyber threats.

Citations:

  1. https://www.hbsslaw.com/cases/mcna-dental-managed-care-of-north-america-data-breach
  2. https://techcrunch.com/2023/05/31/ransomware-attack-on-us-dental-insurance-giant-exposes-data-of-9-million-patients/
  3. https://local21news.com/news/local/insurance-company-data-breach-may-impact-some-pennsylvanians-mcna-childrens-health-insurance-program-chip-medicaid-
  4. https://www.peifferwolf.com/mcna-dental-data-breach-warning/
  5. https://www.prnewswire.com/news-releases/consumer-privacy-alert-mcna-dental-faces-class-action-investigation-for-medical-data-breach-affecting-almost-9-million-patients-records-301858583.html
  6. https://mcna.net/privacy
  7. https://www.idstrong.com/sentinel/mcna-dental-suffered-data-breach/
  8. https://www.mcna.net/en/privacy
  9. https://pirg.org/updates/dental-data-breach/
  10. https://thebrunswicknews.com/news/business/florida-based-dental-insurer-sued-after-hackers-steal-info-about-8-9-million-people/article_7190549a-2edd-5263-b366-30b7df57bd34.html
  11. https://www.tdmr.org/mcna-attack-exposed-all-dental-provider-and-state-agency-information/
  12. https://www.classaction.org/media/mcna-data-breach-letter.pdf
  13. https://www.fiercehealthcare.com/health-tech/attack-notorious-ransomware-group-compromises-personal-data-89-million
  14. https://www.forthepeople.com/blog/morgan-morgan-investigates-claims-those-impacted-mcna-dental/
  15. https://www.strategicrevenue.com/managed-care-confirms-serious-breach-of-nearly-9-million-patients-critical-info/
  16. https://cybernews.com/news/mcna-data-breach-exposed-millions/
  17. https://www.bankinfosecurity.com/dental-health-insurer-hack-affects-nearly-9-million-a-22185
  18. https://www.tdmr.org/more-law-firms-pile-on-mcna-for-massive-data-breach/
  19. https://apps.web.maine.gov/online/aeviewer/ME/40/895b95c8-abc8-41f1-8c3f-b0415575de56.shtml
  20. https://www.doj.nh.gov/consumer/security-breaches/documents/managed-care-north-america-20230711.pdf
Breach Submission Date May 26, 2023
Converted Entity Name Managed Care of North America (MCNA)
Converted Entity Type Business Associate
State GA
Individuals Affected 8,861,076
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes