The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

Managed Care of North America Hacking Incident Impacts 8.9 Million Individuals

Posted By on May 30, 2023

Managed Care of North America, Inc. (MCNA), which also does business as MCNA Dental –  a provider of dental benefits and services for state Medicaid and Children’s Health Insurance Programs – has recently reported a major data breach to the Maine Attorney General that has affected 8,923,662 individuals. This is the largest healthcare data breach to be reported by a single covered entity so far this year, and the second 5 million record+ healthcare data breach to be reported this month.

On March 6, 2023, MCNA discovered an unauthorized third party was able to access certain systems within its IT network. The threat was immediately contained and a third-party cybersecurity firm was engaged to investigate the intrusion and determine the nature and scope of the incident. The forensic investigation determined that the network had been compromised and infected with malicious code and that the attackers removed some copies of personal and protected health information from its systems between February 26, 2023, and March 7, 2023.

The review of the files that were copied or potentially accessed confirmed that they contained protected health information such as names, addresses, telephone numbers, email addresses, birth dates, Social Security numbers, driver’s license numbers, government-issued ID numbers, health insurance information, Medicare/Medicaid ID numbers, group plan names and numbers, and information related to the dental and orthodontic care provided. The types of compromised information varied from individual to individual. MCNA said it is unaware of any attempted or actual misuse of the affected data. MCNA said it has enhanced its security controls and monitoring practices to minimize the risk of further incidents of this nature in the future.

The LockBit ransomware group claimed responsibility for the attack and leaked some of the stolen data on its dark web data leak site as proof of data theft, and demanded a $10 million ransom to prevent the publication of all of the stolen data. It appears that the ransom was not paid, as the group published the stolen files on April 7, 2023.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Affected individuals are now being notified and are being offered complimentary credit monitoring services for 1 or 2 years, dictated by the minimum terms required by state laws. MCNA sent notifications on behalf of Florida Healthy Kids Corporation, the Florida Agency for Health Care Administration, and the following 112 insurance plans:

Aetna Better Health of New York EverCare Choice, Inc. Local 342 Health Care Fund Teamsters Local 237 Babylon Welfare Fund
African American Planning Excavators Union Local 731 Welfare Fund Local 342 Welfare Fund Teamsters Local 237 Brentwood Welfare Fund
AgeWell New York, LLC Excellus Health Plan, Inc. (Excellus BlueCross BlueShield, Univera Healthcare, Premier Health Plan). Local 522 – C/O United Teamster Fund Teamsters Local 237 Islip Welfare Fund
Albest Metal Stamping Corporation Extended MLTC, LLC Local 808, I.B. of T. Health and Welfare Fund Teamsters Local 237 New York City Welfare Fund
Amerigroup Community Care Florida Agency for Health Care Administration Louisiana Department of Health Teamsters Local 237 North Babylon Welfare Fund
Amida Care, Inc. Florida Healthy Kids Corporation Magnacare, LLC Teamsters Local 237 Plainview Welfare Fund
Arkansas Department of Human Services Graphic Art International Union Local 119B MCS Healthcare Holdings, LLC Teamsters Local 237 Retiree Fund
Assistant Deputy Wardens Association/Deputy Wardens Association Guildnet, Inc. Metroplus Health Plan, Inc. Teamsters Local 237 West Islip Welfare Fund
ATU Local 1056 Health Fund 917 Metropolitan Transit Authority Teamsters Local 72 Welfare Fund
Bridge & Tunnel Officers Benevolent Association Healthplex Dental Services, Inc. MVP Health Plan Texas Health and Human Services Commission
Brighton Health Plan Solutions LLC Healthplex Insurance Company MVP Health Services Corp. Town Of Hempstead
CareConnect Insurance Company Healthplex, Inc. Nascentia Health, Inc. UFCW Local 2013 Health and Welfare Fund
Catholic Managed Long Term Care, Inc Hicksville UFSD Nassau County Uniformed Fire Alarm Dispatchers Benevolent Association
Centerlight Healthcare, Inc. Highmark Blue Cross Blue Shield of Western New York Nebraska Department of Health and Human Services Uniformed Fire Officers Association
Centers Plan for Healthy Living iCircle New York City District Council of Carpenters Uniformed Firefighters Association Security Benefit Fund
City of New York Management Benefit Fund Idaho Department of Health and Welfare New York City Service Employees International Union Local 246 Welfare Fund Uniformed Sanitationmen’s Association Local 831
Correction Officers Benevolent Association Incorporated Village of Garden City NYC Association of Surrogate and Supreme Court reporting United Federation of Teachers
Court Officers Benevolent Association of Nassau County Independent Health Association, Inc. Oscar Insurance Corporation United Federation of Teachers Health Care Chapter Benefit fund
Crystal Run Health Plans Independent Health Benefits Corporation Patchogue-Medford UFSD United Food and Commercial Workers Local 888 Health and Pension Funds
Dentcare Delivery Systems, Inc. Integra MLTC, Inc. Prime Choice MLTCP United Public Service Employees Union Benefit Plan
Detectives’ Endowment Association International Healthcare Services, Inc. Quality Health Plans of New York, Inc. United Teamsters Fund
District Council 1707 Local 95 Head Start Employees Welfare Fund International Union of Operating Engineers Local 138 Welfare Fund Saint Vincents Catholic Medical Center of New York Utah Department of Health and Human Services
Elderplan Homefirst International Union of Operating Engineers Local 30 Benefits Fund Sergeant Benevolent Association VillageCareMAX
ElderServe Health Inc. dba RiverSpring at Home International Union of Operating Engineers Local 30 Welfare Trust Staffco of Brooklyn, LLC VNS CHOICE doing business as VNS Health Health Plans.
ElderServe Health Inc. dba RiverSpring FIDA Iowa Department of Human Services Suffolk County PBA Benefit Fund Wellcare
Elderwood Health Plan Kentucky Cabinet for Health and Family Services Suffolk County Superior Officers Association Benefit Fund Wyandanch Union Free School District
Empire BlueCross BlueShield HealthPlus Local 1199 National Benefit Fund Superior Officers Council York MG/York Home Care
Employee Administrative Corporation Local 1964 ILA Health & Insurance Teachers College at Columbia University YourCare Health

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist