Nine Million MCNA Dental Customers Hit by Breach

Millions of customers of one of America’s largest dental health insurers have had their personal information compromised after a ransomware breach.

MCNA Dental claims to be the largest dental insurer in the country for government-sponsored Medicaid and CHIP programs.

A notice published on its website Friday explained that the firm became aware of unauthorized network activity on March 6.

“We quickly took steps to stop that activity. We began an investigation right away. A special team was hired to help us,” it continued.

“We learned a criminal was able to see and take copies of some information in our computer system between February 26 2023 and March 7 2023.”

The information taken included: first and last name; home and email address; date of birth; phone number; Social Security number; driver’s license/government-issued ID numbers; health insurance information; and bills and insurance claims.

Some of this information was not for customers themselves but rather parents, guardians or bill-payers.

According to a breach notice on the website of the Office of the Maine Attorney General, more than 8.9 million individuals were impacted, although MCNA claimed that “information which was seen and taken was not the same for everyone.”

Infamous ransomware group LockBit appears to have been behind the attack. It claimed to have published all the files it exfiltrated via its leak site back in early April, after MCNA refused to pay a multimillion-dollar ransom demand.

The insurer is offering affected customers a year’s free identity theft protection. Given the wealth of personal, financial and insurance data in the hands of cyber-criminals, customers would be advised to brace themselves for follow-on phishing and identity fraud attempts.