Data Breach: MCNA Reveals 8.9 Million Customers Impacted by Ransomware Attack

Managed Care of North America (MCNA) Dental announced that it has experienced a data breach, where unknown hackers infiltrated its network and stole personal data of 8,923,662 customers.

One of America’s leading government-sponsored dental insurance providers, MCNA took corrective measures once it discovered unauthorized activity in its computer system on March 6. The company launched an investigation in which it found that cyber criminals had accessed their network between February 26 and March 7, 2023. During that time, the hackers extracted personal information of their clients, including:

• First and last name, address, date of birth, phone number, email
• Social Security number
• Driver’s license number/other government-issued ID number
• Health insurance details
• Dental care records
• Bills and insurance claims

Moreover, the notice submitted to the Maine Attorney General’s Office, stated that the breach also involved information of some parents, guardians, or guarantors (bill payers). It further went on to say, ‘’ Information which was seen and taken was not the same for everyone.’’

MCNA claims that they have taken appropriate remedial measures to mitigate the risk and deployed better security measures to avoid similar incidents in the future. It also contacted law enforcement authorities to avoid any misuse of stolen information. Additionally, MCNA is also offering 12 months free identity theft protection and credit monitoring service through IDX to affected customers.

The organization also stated that as it does not have contact information of all the affected customers, hence a substitute notice was issued on IDX website. The notice would be active for 90 days.

MCNA did not release any details about the threat actors, however, ransomware group LockBit claimed responsibility for the attack. On not being paid the ransom of $10 million, the gang published the 700GB stolen data on their website.

As both personal and financial data is now available to other threat actors, MCNA has advised affected customers to be cautious and protect themselves against phishing and identity theft attempts.