MCNA notifies 8.9 million people of the health data breach

May 31, 2023 – MCNA Dental, a provider of Medicaid and Children\’s Health Insurance Program services suffered a major health data breach affecting more than 8.9 million people, revealing their Social Security numbers and personal data. As of right now, this marks the largest health data breach reported in 2023.

MCNA Dental is one of the largest providers of government-sponsored dental care and oral health insurance (Medicaid and CHIP) in the United States.

A notification has been filed with the Maine Attorney General\’s Office, revealing that a violation has had significant consequences for a staggering number of people. Approximately 8,923,662 people, including patients, parents, guardians or guarantors were affected by this incident.

On March 6, 2023, MCNA determined that an unauthorized third party was able to access certain systems within its computer network.

“We quickly took steps to stop that activity. We immediately launched an investigation. A special team has been hired to help us. We have learned that an attacker was able to see and take copies of certain information in our computer system between February 26, 2023 and March 7, 2023,” MCNA said in its breach notification.

The data involved included protected health information such as names, addresses, phone numbers, email addresses, dates of birth, Social Security numbers, driver\’s license numbers, government-issued identification numbers, health insurance information, numbers Medicare/Medicaid identification numbers, group plan names and numbers, and information about the dental and orthodontic care provided. The types of information compromised varied between individuals.

The notorious LockBit ransomware group has claimed responsibility for the massive data breach. The group reportedly leaked a portion of the stolen data onto the dark web, holding the rest hostage for a hefty $10 million ransom demand.

MCNA responded to the data breach by taking steps to correct the situation and strengthen its cyber security to avoid future breaches.

“We regret any concern this event may cause. We are sending letters to individuals whose information may have been involved in this event,” MCNA said.

Albany ENT & Allergy Services Announces Health Data Breach, 224K Affected

Albany ENT & Allergy Services disclosed a violation to the Maine Attorney General that unauthorized individuals gained access to its network, exposing 224,486 individuals\’ PHI.

Albany ENT & Allergy Services is a medical practice that offers specialized care for ear, nose and throat problems and allergies.

Between March 23 and April 4, 2023, an unauthorized individual was found to have potentially accessed certain systems containing personal and protected health data.

AENT has analyzed these systems to verify the stored information and their relationship. On or around May 2, 2023, the review found that the records included specific employee and patient information. As a countermeasure, AENT has notified federal law enforcement agencies, cooperating with the investigation, and notified the United States Department of Health and Human Services\’ Office of Civil Rights and appropriate state authorities.

On or about March 27, 2023, AENT discovered suspicious activity on its computer network and promptly launched an investigation.

Between March 23 and April 4, 2023, an unauthorized individual was found to have potentially accessed certain systems containing personal and protected health data.

AENT has analyzed these systems to verify the stored information and their relationship. On or around May 2, 2023, the review found that the records included specific employee and patient information.

In response, AENT has notified federal law enforcement agencies and is cooperating with their investigation. AENT has also notified the U.S. Department of Health and Human Services Office of Civil Rights and appropriate state authorities.

“At present, there is no evidence of identity theft or fraud that has occurred as a result of this incident. The confidentiality, privacy and security of information is one of AENT\’s top priorities and AENT takes this matter very seriously,” said AENT.

\”AENT encourages potentially affected individuals to remain vigilant against incidents of identity theft and fraud, review bank statements, and monitor their credit reports and explanation of suspicious activity benefit forms.\”