DES MOINES — More than a quarter of Iowa Medicaid patients had their personal data compromised in a data breach affecting one of Iowa’s two Dental Wellness Plan managed care organizations.
The personal information of approximately 233,000 Iowa Medicaid members was included in a data breach of MCNA Dental earlier this year, according to the Iowa Department of Health and Human Services. It is among the largest medical data breaches in Iowa to date, according to federal data, and the largest involving Iowa Medicaid.
MCNA Dental, one of the largest dental insurers for government-sponsored Medicaid and CHIP programs, suffered a ransomware attack between February and March that led to unauthorized access to personal health data of nearly 9 million people, according to a filing with the Maine Attorney General.
People are also reading…
MCNA Dental managed dental coverage under Medicaid for more than 295,000 Iowans as of the end of last year, according to a report from Iowa HHS. Delta Dental is the other managed care organization in Iowa’s dental program. It managed 486,000 Dental Wellness Plans.
The Iowa Department of Health and Human Services did not respond to a request for comment by the time of publication.
What information was taken?
The hackers potentially obtained a trove of data from the managed care organization, including full names, addresses, phone numbers, Social Security numbers, driver’s license numbers, health insurance plan information, bills and insurance claims, according to a notice provided to affected patients.
The attack happened between February 26 and March 7 of this year, and MCNA Dental sent notices to patients and states impacted on May 26.
The Russia-linked ransomware organization LockBit took credit for the attack, and has claimed on its dark web site to have published 700 GB of patient data from MCNA, according to TechCrunch.
Who is affected?
More than 233,000 Iowans whose Medicaid dental coverage was managed by MCNA were affected. Those impacted received a notification in the mail. Names of parents, guardians or guarantors may also have been taken.
MCNA is offering free credit monitoring and identity protection services to affected individuals.
In an emailed statement, MCNA Dental said it is committed to protecting patients’ information and maintaining the integrity of its systems.
“As soon as we discovered recent unauthorized activity affecting our network, we took steps to mitigate the risk and reported the matter to law enforcement and customers,” the company said. “We are notifying those whose information may have been involved in this incident, and we continue to fortify our systems, as appropriate, to minimize the risk of a similar incident in the future.”
Event follows other cyber incidents
The security breach is among three reported this year by Iowa HHS affecting Medicaid members. On April 10, the Iowa Department of Health and Human Services reported more than 20,000 Iowans had their data breached in an attack on an Iowa Medicaid subcontractor, Independent Living Systems.
In May, Iowa HHS reported Amerigroup accidentally disclosed personal health information for 8,333 Iowa Medicaid members to providers in explanation of payment notices.
Also in May, the Clarke County Hospital reported it had been the victim of a ransomware attack which led to the potential exposure of thousands of patients, including their names, Social Security numbers and driver’s license numbers.
While Narcan can reverse opioid overdoses in the short term, these two treatments can help patients overcome addiction altogether