The dental insurer Managed Care of North America (MCNA)—one of the largest dental health insurers in the United States—has warned that the personal information of nearly nine million individuals has been compromised after its computer system was hacked.
The Atlanta, Georgia-based company—which bills itself as the leading dental benefits manager of government-backed plans for children and seniors—said in a May 26 notice that it had become aware that a “criminal accessed our computer system without our permission” in March.
“On March 6, 2023, MCNA became aware of certain activity in our computer system that happened without our permission. We quickly took steps to stop that activity. We began an investigation right away. A special team was hired to help us,” the insurer said.
“We learned a criminal was able to see and take copies of some information in our computer system between February 26, 2023, and March 7.”
According to MCNA, the hacker or hackers were able to obtain an array of information on patients, including their first and last names, addresses, dates of birth, phone numbers, email, and Social Security numbers, as well as their driver’s license numbers and other forms of government-issued ID numbers.
In addition, the hackers were able to access the patient’s health insurance plan information, billing data, insurance claim information, as well as photos, x-rays, and other personal information, MCNA said.
“Some of this information was for a parent, guardian, or guarantor. A guarantor is the person who paid the bill. Information which was seen and taken was not the same for everyone,” it noted.
MCNA Dental did not identify who was behind the attack. However, Tech Crunch reported that the Russian-linked ransomware group “LockBit” had claimed responsibility for the hack on its dark web leak site, and said it had published all of the files it extracted from MCNA—amounting to 700 GB of data—after the company refused to pay a $10 million ransom demand.
MCNA said that as well as launching an investigation, it had also made its computer systems “even stronger than before” to prevent a similar breach in the future.
Patients who may have had their personal information comprised will receive a mailed letter informing them of such, according to the company.
Additionally, MCNA said it is offering free credit monitoring and identity protection services for affected individuals.
“We are sorry for any concern this event may cause,” the insurer added.
According to a data breach notification filed with Maine’s Attorney General, approximately 8,923,662 individuals were impacted by the hack, making it the largest health data breach so far this year—after pharmacy services provider PharMerica experienced a breach in March that saw the personal data of nearly 6 million patients exposed.
That breach, which involved customers’ personal information including their names, addresses, dates of birth, Social Security numbers, medications, and health insurance information, initially occurred on March 12. However, the breach wasn’t discovered until March 21, according to a filing with Maine’s Attorney General.
The Kentucky-based company said it had also sent letters to customers impacted by the breach, but that so far, it was not aware that any fraud or identity theft had occurred to any of its customers as a result of the incident.
“PharMerica has taken, and is taking, additional steps, including changes in its processes and procedures, to help reduce the likelihood of a similar event from happening in the future,” it said.
The Epoch Times contacted Managed Care of North America for further comment, but did not receive a reply before this article was published.