MCNA ransomware attack exposes nine million customer data

A ransomware attack on MCNA Dental led to the personal information of nearly 9 million customers being compromised. The information includes the names of customers, their addresses, email ID, date of birth, phone number, Social Security numbers, driver’s license/government-issued ID numbers, health insurance information, bills and insurance claims and also details of the parents, guardians or bill-payers. However, MCNA claimed that ‘information which was seen and taken was not the same for everyone.’

According to a notice published on its website, MCNA became aware of the attack on 6 March. The notice mentioned, ‘We learned a criminal was able to see and take copies of some information in our computer system between February 26 2023 and March 7 2023.’

Ransomware group LockBit has claimed to be behind the attack and has claimed to have published all the files it exfiltrated in early April due to MCNA refusing to pay the ransom demand.

As compensation, MCNA is offering affected customers a one-year free identity theft protection. The MCNA notified the Office of the Maine Attorney General of the breach.

MCNA is America’s largest dental health insurer for government-sponsored Medicaid and CHIP programs.