US: MCNA Dental, a dental and orthodontic care provider for state Medicaid agencies and children’s health insurance programs, has reported a significant data breach that has impacted the personal and protected health information of nearly 9 million patients. The incident was initially detected by the company on March 6 and was disclosed in a data breach notification letter filed with the Maine state attorney general’s office.
Malicious Code in Network
Upon investigation, MCNA found evidence of unauthorized access to certain systems and the presence of malicious code within its network. The breach occurred between February 26, 2023, and March 7, 2023.
Over 100 organizations have reportedly been identified as affected by the breach, including prominent entities like the Arkansas Department of Human Services, the City of New York Management Benefit Fund, the Iowa Department of Health and Human Services, Louisiana Department of Health, and the Idaho Department of Health and Welfare.
Breached Personal Information and Health Data
The compromised personal information of affected patients may include their full name, date of birth, address, telephone number, email address, social security number, and driver’s license number or government-issued ID number.
Furthermore, the attackers also gained access to sensitive health data, including insurance information such as the name of the plan, insurer, or government payor, member or Medicaid/Medicare ID number, plan and/or group number, and details pertaining to dental and orthodontic care.
This information encompassed not only the patients but also their parents, guardians, and guarantors who were responsible for bill payments. Additionally, the attackers obtained data relating to patient visits, dentist and doctor names, past care history, X-rays/photos, prescribed medications, and treatment details.
Varying Extent of Data Compromise
MCNA Dental has emphasized that the extent to which the data was compromised varies among the affected individuals. The company is taking the necessary steps to address the breach, including notifying the impacted patients and cooperating with regulatory authorities to investigate the incident further.
The dental insurer is working diligently to enhance its cybersecurity measures and ensure the protection of patient information moving forward.
The information and viewpoints presented in the above news piece or article do not necessarily reflect the official stance or policy of Dental Resource Asia or the DRA Journal. While we strive to ensure the accuracy of our content, Dental Resource Asia (DRA) or DRA Journal cannot guarantee the constant correctness, comprehensiveness, or timeliness of all the information contained within this website or journal.
Please be aware that all product details, product specifications, and data on this website or journal may be modified without prior notice in order to enhance reliability, functionality, design, or for other reasons.
The content contributed by our bloggers or authors represents their personal opinions and is not intended to defame or discredit any religion, ethnic group, club, organisation, company, individual, or any entity or individual.