MCNA data breach affecting Medicaid and Childrens Health Insurance recipients in over 100 organizations

MCNA Insurance Company, a provider of services to state Medicaid agencies and Children's Health Insurance Programs (CHIP), has reported a data security breach that exposes the personal information of recipients.

Over 100 organizations, including state health departments, Teamsters, and union organizations, are listed as affected by the breach, which occurred between February 27 and March 7, 2023. Unfortunately, MCNA didn't provide a number of affected members/individuals.

The compromised data includes demographic details, contact information, Social Security numbers, health insurance information, and more, although per information from MCNA not all data was involved for all affected individuals.

As per the information provided by MCNA to the Maine Attorney General, an estimated nine million people have been impacted by this breach, encompassing both current and former clients.

The information doesn’t provide details about the security breach, but the LockBit ransomware group claimed responsibility for the attack.
The ransomware group added the company to the list of victims on its Tor leak site and published a sample of the stolen data as proof of the data breach and demanded a ransom of $10 million not to publish the stolen data.

Since MCNA didn't pay the ransom, LockBit has released the data on the dark web for other hackers to use.

MCNA is taking measures to enhance security and is offering free credit monitoring and identity protection services to impacted individuals.