MCNS Dental, a prominent government-sponsored dental care and oral insurance provider in the United States, has revealed a significant data breach that compromised the personal information of approximately 9 million patients. The breach, which occurred on February 26th, 2023, was discovered by MCNA on March 6th, prompting immediate action.
Unauthorized access to MCNA’s computer systems allowed hackers to pilfer a vast array of sensitive data over the course of the breach. As per a report by to BleepingComputer, the stolen information includes full names, addresses, dates of birth, phone numbers, emails, social security numbers, driver’s licence numbers, government-issued ID numbers, health insurance details, care history, and billing and insurance claims.
The breach affected not only patients but also parents, guardians, or guarantors, amounting to 8,923,662 individuals, according to a notification submitted to the Office of the Maine Attorney General.
In response to the breach, MCNA Dental has taken prompt remedial measures to address the issue and fortify its systems to prevent future incidents of this nature. The organisation has also engaged law enforcement authorities to mitigate the risk of misuse of stolen information. Affected individuals have been provided instructions to avail themselves of 12 months of complimentary identity theft protection and credit monitoring services through IDX.
However, due to incomplete contact information, MCNA has published a substitute notice on IDX for individuals who may not have received a direct notification. The notice also includes a list of over a hundred healthcare providers indirectly impacted by the breach, although it remains uncertain if these entities will issue separate breach notices.
The LockBit ransomware gang has claimed responsibility for the cyberattacks on MCNA. On March 7th, 2023, the group released initial samples of stolen data and demanded a ransom of $ 10 million. Subsequently, on April 7th, LockBit made all compromised data available for download on their website. Given the potential dissemination of the data, affected individuals are strongly advised to monitor credit reports diligently and be cautious of targeted phishing attempts that leverage the leaked information to extract further sensitive details.