Managed Care of North America

Managed Care of North America (MCNA) operates as a dental insurance provider, holding the position of the largest such insurer in the United States specifically for government-sponsored programs. Its core business involves administering dental benefits for Medicaid and the Children's Health Insurance Program (CHIP), serving a significant portion of the public benefits market. The company's services encompass the processing of claims, management of provider networks, and the handling of sensitive personal and health information for its members, which includes children and families enrolled in these government programs. This specialization places MCNA within the healthcare insurance sector, with a distinct focus on public-sector dental coverage rather than commercial or individual plans. The nature of its work requires strict adherence to healthcare regulations and data protection standards due to the volume of protected health information (PHI) and personally identifiable information (PII) it maintains.

The scale of MCNA's operations is evidenced by the nearly nine million individuals whose data was compromised in a 2023 ransomware attack, indicating a substantial membership base across multiple states. This breach, executed by the LockBit group, involved the exfiltration of 700 gigabytes of highly sensitive data, including Social Security numbers, driver’s licenses, detailed dental treatment records, and x-rays. The incident's impact extended beyond individual members to affect associated government agencies and labor unions, demonstrating the interconnectedness of MCNA's operations with broader public sector entities. In response to the attack, following an unmet $10 million ransom demand, the company engaged in forensic investigations, coordinated with law enforcement, and provided a year of identity protection services to affected individuals, while implementing security enhancements. These actions highlight the critical infrastructure role MCNA plays within the government-funded dental care ecosystem and the severe consequences of a cybersecurity compromise on that function. No explicit information regarding corporate ownership, parent companies, or subsidiary structures is provided in the available material.