Hackers Stole User Data From 8.9 Million Dental Patients

Ransomware group LockBit claims responsiblity – and may have already released 700GB of confidential information online.

A cyberattack on MCNA Dental has left data from nearly nine million patient accounts in the hands of a hacking group.

MCNA says it first became aware of the hack in March, but that hackers had gained access as early as February. The company is one of the biggest government-sponsored dental and oral health insurers in the US.

It's another example of the too-frequent data breaches that our tech and business structures seem to be poorly equipped to combat.

What Data Was Lost?

MCNA's announcement clarifies the timeline of the breach: The company became aware of unauthorized access on March 6, 2023, and after an investigatation they realized that the hackers first broke in to the computer system on February 26.

Here's the kind of information that was leaked, from the company's public notice:

  • Information used to contact you, like first and last name, address, date of birth, phone number, email
    Social Security number
  • Driver’s license number/other government-issued ID number
  • Health insurance (plan information, insurance company, member number, Medicaid-Medicare ID numbers)
  • Care for teeth or braces (visits, dentist name, doctor name, past care, x-rays/photos, medicines, and treatment)
  • Bills and insurance claims

Those impacted included 8,923,662 people in total, according to a filing of the incident with the Office of the Maine Attorney General as covered by Beeping Computer. The number covers parents, guardians, or guarantors of patients as well as patients themselves.

The Ransomware Gang Claiming Credit: LockBit

Ransomware group LockBit says that it is responsible for the breach. They demanded a ransom of $10 million which went unpaid, and so they've released 700GB of confidential information on their website, as of April 7.

Victims of the breach have a few options. First, they should all monitor their credit reports, checking for indications of identity theft. Second, they need to be wary of phishing emails or calls, since their exposed data could be used to trick them into further financial loss.

Some Companies Keep Quiet About Breaches

Protect Your Data with SurfShark VPN

Connect an unlimited number of devices for just $2.49 per month.

MCNA published its data breach acknowledgment on the Friday before Memorial Day weekend. Still, it could be worse: We might not have heard about this new data breach at all. According to one study, 29.9% of IT professionals have covered up data breaches at their company. Even more (42%) have faced pressure from their supervisors to do so.

Last year, a whistleblower at Twitter alleged the company had hidden data breaches from it's own board, an indication that in some cases, even executives running a business that covers up data breaches won't know that they're being covered up.

It's been a bad month for data breaches in healthcare: Last week, US company Apria Healthcare revealed to almost 1.9 million customers that their data may be been exposed in incidents that happened way back in 2019 and 2021. And on May 16, pharmaceutical giant PharMerica revealed a breach from March had impacted 5.8 million customers.

Did you find this article helpful? Click on one of the following buttons
We're so happy you liked! Get more delivered to your inbox just like it.

We're sorry this article didn't help you today – we welcome feedback, so if there's any way you feel we could improve our content, please email us at contact@tech.co

Written by:
Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He was a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and his art history book on 1970s sci-fi, 'Worlds Beyond Time,' is out from Abrams Books in July 2023. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
Explore More See all news
Back to top
close Thinking about your online privacy? NordVPN is Tech.co's top-rated VPN service See Deals