MCNA Notifies 8.9M Individuals of Healthcare Data Breach

May 31, 2023 - MCNA Dental, a Medicaid and Children's Health Insurance Program service provider suffered a major healthcare data breach impacting over 8.9 million individuals, revealing their Social Security numbers and personal data. As of now, this marks 2023's largest reported healthcare data breach. 

MCNA Dental is one of the largest government-sponsored (Medicaid and CHIP) dental care and oral health insurance providers in the United States.  

A notification was submitted to the Office of the Maine Attorney General, revealing that a breach had significant consequences for a staggering number of individuals. Approximately 8,923,662 people, encompassing patients, parents, guardians, or guarantors, were affected by this incident. 

On March 6, 2023, MCNA detected that an unauthorized third party was able to access certain systems within its computer network. 

“We quickly took steps to stop that activity. We began an investigation right away. A special team was hired to help us. We learned a criminal was able to see and take copies of some information in our computer system between February 26, 2023 and March 7, 2023,” MCNA stated in its breach notice. 

The data involved included protected health information such as names, addresses, telephone numbers, email addresses, birth dates, Social Security numbers, driver’s license numbers, government-issued ID numbers, health insurance information, Medicare/Medicaid ID numbers, group plan names and numbers, and information related to the dental and orthodontic care provided. The types of compromised information varied from individual to individual.  

The notorious LockBit ransomware group has claimed responsibility for the massive data breach. The group reportedly leaked a portion of the stolen data onto the dark web, holding the rest hostage for a hefty $10M ransom demand. 

MCNA responded to the data breach by taking measures to rectify the situation and bolster its cybersecurity to avert future breaches.  

“We are sorry for any concern this event may cause. We are mailing letters to people whose information may have been involved in this event,” MCNA said. 

Albany ENT & Allergy Services Announces Healthcare Data Breach, 224K Impacted 

Albany ENT & Allergy Services (AENT)  disclosed a breach to the Maine Attorney General that unauthorized individuals gained access to its network, exposing 224,486 individuals’ PHI. 

This medical practice specializes in providing care for conditions related to the ear, nose, throat, as well as allergies.

Between March 23 and April 4, 2023, it was found that an unauthorized individual potentially accessed certain systems containing personal and protected health data.  

AENT analyzed these systems to verify the stored information and its relation. Around May 2, 2023, the review identified that the records included specific employee and patient information. As a countermeasure, AENT informed federal law enforcement, cooperating in the investigation, and notified the US Department of Health & Human Services’ Office for Civil Rights and appropriate state authorities. 

On or about March 27, 2023, AENT discovered suspicious activity on its computer network and promptly launched an investigation. 

Between March 23 and April 4, 2023, it was found that an unauthorized individual potentially accessed certain systems containing personal and protected health data.  

AENT analyzed these systems to verify the stored information and its relation. Around May 2, 2023, the review identified that the records included specific employee and patient information. 

In response, AENT notified federal law enforcement and is cooperating with its investigation. AENT also notified the US Department of Health & Human Services’ Office for Civil Rights and relevant state authorities. 

“At this time, there is no evidence of any identity theft or fraud occurring as the result of this incident. The confidentiality, privacy, and security of information is one of AENT’s highest priorities and AENT takes this matter very seriously,” said AENT. 

“AENT encourages potentially impacted individuals to remain vigilant against incidents of identity theft and fraud, to review account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity.”