Three years after LockBit published nearly 700 gigabytes of stolen data when the company refused to pay a $10 million ransom, the largest dental data breach on record is heading toward resolution.
What happened
Managed Care of North America, Inc., doing business as MCNA Dental, and co-defendant Healthplex, Inc., have agreed to a multimillion-dollar class action settlement over a February 2023 ransomware attack that exposed the records of 8,923,662 individuals, the majority of them children enrolled in Medicaid and Children's Health Insurance Program dental benefits. According to Becker's Dental Review, the LockBit ransomware group gained access to MCNA's network on February 22, 2023, and maintained access until March 7, 2023, exfiltrating approximately 700 gigabytes of data before encrypting files. MCNA refused to pay the $10 million ransom demand, and LockBit published the entire stolen dataset on its dark web leak site on April 7, 2023, making it freely downloadable. The settlement was filed on June 12, 2026, in the US District Court for the Southern District of Florida and has not yet received preliminary court approval. Compromised data includes names, Social Security numbers, driver's license numbers, Medicaid and Medicare ID numbers, dental and orthodontic treatment records, and health insurance information.
Going deeper
The consolidated lawsuit, Crowe et al. v. Managed Care of North America Inc., combined 25 separate class action filings with overlapping claims into a single action. According to BankInfoSecurity, two earlier attempts at court-appointed mediation failed, and extensive discovery and litigation followed before the parties reached an agreement. The total settlement fund value has not been disclosed publicly.
The MCNA Dental breach remains the largest dental-sector data breach on record and one of the largest Medicaid-related breaches in US history. The population affected, primarily children enrolled in government dental benefit programs, had no direct relationship with MCNA and no awareness that the company held their records. Parents received notification letters in late May 2023, more than two months after LockBit had already published their children's Social Security numbers, dental records, and Medicaid IDs publicly.
What was said
In its settlement filing, MCNA Dental and Healthplex made no admission of liability or wrongdoing. BankInfoSecurity reported that MCNA has agreed as part of the settlement to implement additional security improvements and has updated its business practices to reduce the risk of similar incidents going forward, though the specific controls required have not been publicly detailed.
In the know
MCNA Dental's decision not to pay LockBit's $10 million demand resulted in the full dataset being published publicly, a direct demonstration of the double-extortion model's leverage mechanism. The data remained available for download from LockBit's dark web site until law enforcement disrupted LockBit's infrastructure in February 2024 as part of Operation Cronos. According to BankInfoSecurity, MCNA reported that over 100 organizations were affected downstream by the breach.
The big picture
For Medicaid dental benefit administrators and government health program contractors, the case shows both the scale of exposure that comes with centralized administration of government program data and the litigation consequences that follow when that data is breached. According to Paubox's Top 3 Healthcare Email Attacks report, vendor and business associate exposure accounted for 28 percent of all email-related healthcare breaches in 2025. MCNA's position as a centralized administrator for state Medicaid dental programs made it exactly the type of high-value single point of failure that ransomware groups target.
FAQs
Why is the total settlement amount not disclosed?
Settlement funds in class actions are sometimes kept confidential as part of the agreement between parties, particularly when the total represents a negotiated business resolution rather than a court-ordered judgment. The caps on attorney fees, administration costs, and individual claims provide partial insight into the fund's structure even without a disclosed total.
What is medical data monitoring, and why is it the most valuable benefit here?
Medical data monitoring scans for unauthorized use of a patient's identity in healthcare settings, fraudulent insurance claims, prescriptions, or medical services filed under the victim's name and policy number. For children whose Medicaid IDs and dental records were exposed, the risk of medical identity fraud can persist for years, making ongoing monitoring more practically useful than a small cash payment.
Why did LockBit publish the data after MCNA refused to pay?
LockBit operated a double-extortion model, stealing data before encrypting systems and threatening to publish it if the ransom was not paid. Publishing the data after non-payment serves two purposes: it fulfills the threat to demonstrate credibility with future victims, and it creates additional pressure on the current victim through reputational damage and regulatory consequences.
