Select Page

On May 26, 2023, Managed Care of North America Inc. (MCNA) reported a data breach affecting a staggering 8,923,662 individuals. This violation, orchestrated by the notorious LockBit ransomware group, marked the most significant healthcare data breach of the year thus far. The hackers infiltrated MCNA’s systems between February 26 and March 7, 2023, compromising sensitive information, including names, addresses, social security numbers, health insurance details, and data on dental and orthodontic care provided.

MCNA Dental, a healthcare services company based in Pittsburgh, Pennsylvania, sprung into action upon discovery of the breach on March 6, 2023. The company engaged a third-party cybersecurity firm to investigate and confirm the presence of malicious code. As a subsequent measure, MCNA notified all affected individuals and provided complimentary credit monitoring services for up to two years, contingent on state law requirements.

A hacker in a dark room engaging in nefarious activities such as data breaches.
Both the MCNA and ILS incidents serve as a stark reminder of the relentless threats healthcare entities face in maintaining data security.

However, the lack of ransom payment prompted the LockBit group to publish a portion of the stolen data on the dark web, escalating the magnitude of the breach. This incident has raised concerns about MCNA’s data security commitment and spurred a legal investigation by consumer rights law firm Hagens Berman, intending to ensure better security measures and compensation for insured customers.

In a separate incident, Florida-based Independent Living Systems (ILS), a provider of clinical and administrative services to managed care organizations, reported a significant cybersecurity incident in 2022. The incident involved unauthorized access to ILS systems between June 30 and July 5, 2022, compromising personal and medical data.

Initially, the breach was reported to impact 501 individuals. However, a revised report revealed that over 4.2 million people were affected, making it the largest known health data breach of 2022 if reported accurately to the Department of Health and Human Services’ Office for Civil Rights (HHS OCR). 

Both MCNA and ILS incidents serve as a stark reminder of the relentless threats healthcare entities face in maintaining data security. They highlight the importance of robust cybersecurity measures, timely identification, and accurate notification of affected individuals following major data security incidents.

They also underscore the common challenges in the aftermath of such breaches, including immediate threat containment, thorough investigations, and enhancements to security controls and monitoring practices. Affected customers are advised to remain vigilant, monitor their financial accounts, utilize the provided identity protection services, consider credit freezes, and consult data breach lawyers if needed.

While the healthcare sector continues to grapple with these challenges, the MCNA and ILS incidents serve as a wake-up call to not only bolster security infrastructure but also to foster a culture where data security is regarded as an utmost priority, thereby mitigating the likelihood of such devastating breaches in the future.

Elijah Oling Wanga