TechTech News

Data of Nearly 9 Million MCNA Dental Patients Exposed by Hackers

Save
Data of Nearly 9 Million MCNA Dental Patients Exposed by Hackers
A man types on a computer keyboard. (Kacper Pempel/Reuters)
Katabella Roberts
6/1/2023
Updated:
6/1/2023
0:00

The dental insurer Managed Care of North America (MCNA)—one of the largest dental health insurers in the United States—says the personal information of nearly 9 million individuals has been compromised after its computer system was hacked.

The Atlanta-based company—which bills itself as the leading dental benefits manager of government-backed plans for children and seniors—said in a May 26 notice that it had become aware that a “criminal accessed our computer system without our permission” in March.

“On March 6, 2023, MCNA became aware of certain activity in our computer system that happened without our permission. We quickly took steps to stop that activity. We began an investigation right away. A special team was hired to help us,” the insurer stated.

“We learned a criminal was able to see and take copies of some information in our computer system between February 26 ... and March 7.”

MCNA stated that the hacker or hackers were able to obtain an array of information on patients, including their first and last names, addresses, dates of birth, phone numbers, email addresses, and Social Security numbers, as well as their driver’s license numbers and other forms of government-issued ID numbers.

The hackers also were able to access the patient’s health insurance plan information, billing data, and insurance claim information, as well as photos, x-rays, and other personal information, MCNA stated.

“Some of this information was for a parent, guardian, or guarantor. A guarantor is the person who paid the bill. Information which was seen and taken was not the same for everyone,” the insurer noted.

While MCNA Dental didn’t identify who was behind the attack, TechCrunch reported that the Russian-linked ransomware group LockBit had claimed responsibility for the hack on its dark web leak site. The group stated that it published all of the files it extracted from MCNA—amounting to 700 GB of data—after the company refused to pay a $10 million ransom demand.

Second Dental Data Breach This Year

MCNA stated that as well as opening an investigation, it has also made its computer systems “even stronger than before” to prevent a future breach.

Patients who may have had their personal information comprised will receive a letter informing them of such, according to the company. MCNA also says it’s offering free credit monitoring and identity protection services for affected individuals.

“We are sorry for any concern this event may cause,” the insurer added.

According to a data breach notification filed with Maine’s attorney general, about 8,923,662 individuals were affected—making it the largest health data breach so far this year—after pharmacy services provider PharMerica experienced a breach in March of the personal data of nearly 6 million patients.

That breach, which involved customers’ personal information, including their names, addresses, dates of birth, Social Security numbers, medications, and health insurance information, initially occurred on March 12. However, the breach wasn’t discovered until March 21, according to a filing with Maine’s attorney general.

Kentucky-based PharMerica stated that it had also sent letters to customers alerting them to the breach but that it wasn’t aware of any fraud or identity theft that had occurred as a result of the incident.

“PharMerica has taken, and is taking, additional steps, including changes in its processes and procedures, to help reduce the likelihood of a similar event from happening in the future,” it stated.

Managed Care of North America officials didn’t respond by press time to a request by The Epoch Times for comment.