TECH Personal data for 233,000 Iowa Medicaid members compromised in cyber attack

MM Curator summary

The article below has been highlighted and summarized by our research team. It is provided here for member convenience as part of our Curator service.


[MM Curator Summary]: 3 (4?) oopsies in Iowa the last year. Latest one is tied to MCNA Dental bennies.


Clipped from:

Russian group claims responsibility

DES MOINES — More than a quarter of Iowa Medicaid patients had their personal data compromised in a data breach affecting one of Iowa’s two Dental Wellness Plan managed care organizations.

The personal information of approximately 233,000 Iowa Medicaid members was included in a data breach of MCNA Dental earlier this year, according to the Iowa Department of Health and Human Services.

It is among the largest medical data breaches in Iowa to date, according to federal data, and the largest involving Iowa Medicaid.


MCNA Dental, one of the largest dental insurers for government-sponsored Medicaid and CHIP programs, suffered a ransomware attack between February and March that led to unauthorized access to personal health data of nearly 9 million people, according to a filing with the Maine Attorney General.

MCNA Dental managed dental coverage under Medicaid for more than 295,000 Iowans at the end of last year, according to a report from Iowa HHS.

Delta Dental is the other managed care organization in Iowa’s dental program. It manages 486,000 Dental Wellness plans.

The Iowa Department of Health and Human Services did not respond to a request for comment by the time of publication.

What information was taken?

The hackers potentially obtained a trove of data from the managed care organization, including full names, addresses, phone numbers, Social Security numbers, driver’s license numbers, health insurance plan information, bills and insurance claims, according to a notice provided to affected patients.

The attack happened between Feb. 26 and March 7 of this year, and MCNA Dental sent notices to patients and states impacted May 26.

On Iowa Politics

You will begin to receive our Daily On Iowa Politics updates. Add to your contacts.

The Russia-linked ransomware organization LockBit took credit for the attack and has claimed on its dark web site to have published 700 GB of patient data from MCNA, according to TechCrunch.

Who is affected?

More than 233,000 Iowans whose Medicaid dental coverage was managed by MCNA were affected. Those impacted received a notification in the mail. Names of parents, guardians or guarantors may also have been taken.

MCNA is offering free credit monitoring and identity protection services to affected individuals.

In an emailed statement, MCNA Dental said it is committed to protecting patients’ information and maintaining the integrity of its systems.

“As soon as we discovered recent unauthorized activity affecting our network, we took steps to mitigate the risk and reported the matter to law enforcement and customers,” the company said. “We continue to fortify our systems, as appropriate, to minimize the risk of a similar incident in the future.”

Other cyber incidents

The security breach is among three reported this year by Iowa Health and Human Services affecting Medicaid members.

On April 10, the department reported more than 20,000 Iowans had their data breached in an attack on an Iowa Medicaid subcontractor, Independent Living Systems.

In May, it reported Amerigroup accidentally disclosed personal health information for 8,333 Iowa Medicaid members to providers in explanation of payment notices.

Also in May, the Clarke County Hospital in Osceola reported it had been the victim of a ransomware attack, which led to the potential exposure of thousands of patients, including their names, Social Security numbers and driver’s license numbers.