8.9 Million Affected by MCNA Dental Data Breach

Notification letters have been sent to nearly nine million individuals to inform then that their personal information has been compromised following a data breach at MCNA Dental. The breach occurred between February 26 and March 7, and impacted both current and former Medicaid and health insurance programs.

Investigations into the attack have revealed that compromised personal information includes names, addresses, birth dates, phone numbers, ID numbers, Social Security numbers, driver’s license numbers, health insurance information, and information related to dental and orthodontic care.

The hackers managed to gain access to multiple systems within the MCNA network, and infected them with malware in addition to exfiltrating customer data. The LockBit ransomware group claimed responsibility for the attack, publishing over 700 gigabytes of data that was allegedly stolen from MCNA.

The company claims that it has not seen the stolen information being sold or traded online, though other threat actors may already have copies of the data. It is predicted that the impacted individuals will be targetted in subsequent phishing or identity theft campaigns, as the contact information in stolen data is almost guaranteed to have already been confirmed as legitimate.

MCNA is one of the largest dental benefits managers in the United States. In recompense for the breach, MCNA is offering free credit monitoring for all impacted individuals, and is encouraging them to stay vigilant for possible fraud attempts utilising the breached data.