MCNA Dental Reaches Multimillion-Dollar Class Action Settlement Following Ransomware Attack Affecting 9 Million Consumers

A severe 2023 LockBit ransomware attack compromised the systems of MCNA Dental and its subsidiary Healthplex, exposing 700 gigabytes of data after the company refused a $10 million ransom demand.

The massive litigation follows a devastating ransomware attack executed by the LockBit cybercriminal organization against MCNA Dental’s networks. The breach began on February 26, 2023, and went undetected until March 6, 2023. During this window, unauthorized hackers successfully infiltrated MCNA’s systems and exfiltrated approximately 700 gigabytes of highly confidential consumer data.

After securing the stolen files, the ransomware group demanded a steep $10 million ransom payment from MCNA Dental under the threat of leaking the data publicly. MCNA Dental refused to pay the ransom. Consequently, on April 7, 2023, the LockBit gang published the entirety of the stolen data on its dark web leak site, making sensitive health and identity records fully available for download by anyone.

What Highly Sensitive Personal and Health Data Was Exposed?

Because MCNA Dental acts as a major benefits manager for government-sponsored Medicaid and Children’s Health Insurance Programs (CHIP), the stolen database contained a wealth of highly sensitive personally identifiable information (PII) and protected health information (PHI). The data exposed to the dark web included full names, dates of birth, telephone numbers, email addresses, and home addresses.

Worse still, the breach laid bare deep identity credentials, including Social Security numbers, driver’s license numbers, Medicare or Medicaid identification numbers, and specific health insurance plan details. Security advocates note that this comprehensive mix of medical and federal identification records gives bad actors everything necessary to perpetrate severe identity fraud, placing millions of families at permanent risk.

Who Was Affected by This Massive Data Security Failure?

According to data breach documentation submitted to state regulators, the cybersecurity failure directly impacted approximately 8.9 million individuals across the United States. MCNA Dental provided administrative and management services on behalf of more than 100 corporate clients, state insurance plans, and government healthcare agencies.

The scope of affected victims extends beyond just the children who received dental treatments. It encompasses current and former dental patients, their parents, legal guardians, and financial guarantors who provided their personal identifiers to secure coverage. Additionally, healthcare providers affiliated with the network and certain MCNA employees had their data exposed.

What Were the Legal Claims Brought Against MCNA Dental?

Following the dark web data dump, affected consumers united to file a consolidated class action lawsuit in a Florida federal court. The legal action named both MCNA Dental and its subsidiary, Healthplex—a firm MCNA acquired in 2019—as co-defendants. The lawsuit alleged that the companies engaged in negligence, breach of implied contract, and unjust enrichment by failing to implement commercially reasonable cybersecurity protocols.

Plaintiffs argued that MCNA violated federal Health Insurance Portability and Accountability Act (HIPAA) privacy standards by losing control of patient data and delaying public notifications for more than 11 weeks. MCNA Dental strongly denies any wrongdoing or liability, maintaining that it was the victim of a sophisticated cybercrime. However, the company agreed to the settlement fund to conclude the prolonged legal battle.

How Much Cash Can Affected Class Members Receive?

The proposed class action settlement sets up a concrete financial reimbursement pipeline intended to assist everyday people who suffered out-of-pocket consequences as a direct result of the cyberattack.

Under the terms of the newly filed agreement, class members can claim up to $2,500 in cash reimbursements for documented, out-of-pocket losses that are directly traceable to the MCNA security incident. This fund is structured to cover tangible expenses, such as fraudulent bank charges, credit freeze fees, costs for purchasing independent credit reports, and expenses related to replacing identity documents. While individual claims can reach up to $2,500, the court documents indicate an overall cap of $250,000 for total undocumented out-of-pocket expense claims across the entire settlement class.

What Medical Data Monitoring Services Are Offered?

Recognizing that medical identity theft can manifest years after an initial data exposure, the settlement provides robust, proactive identity defense tools for all participating class members.

Every eligible individual who submits a valid claim can enroll in two full years of specialized medical data monitoring services. This protective coverage features comprehensive fraud alerts, dark web identity scanning, and unauthorized financial transaction tracking. Crucially, the service includes a $1 million identity theft financial insurance policy to shield families from future fraud. Consumer attorneys note that this service carries an individual retail value of roughly $179 per year. Because millions of consumers are eligible to enroll, the aggregate retail value of this benefit alone technically exceeds $3.2 billion.

What Corporate Security Improvements Have Been Mandated?

In addition to providing monetary payouts and credit shields, the class action settlement forces the corporation to fundamentally upgrade its defensive infrastructure and holds it accountable for future security.

As an essential component of the settlement agreement, MCNA Dental has committed to implementing permanent changes to further secure its computer networks, databases, and remote environments. The corporation must continue to deploy advanced security modifications explicitly designed to protect consumer information from secondary breaches. Consumer attorneys highlight these mandated business practice changes as a vital “added value” that protects the ongoing privacy of low-income families and children who rely on government dental benefits.

How Are the Total Settlement Funds Being Divided?

The multimillion-dollar financial package requires MCNA Dental to pay extensive litigation, administrative, and consumer defense fees to completely resolve the consolidated lawsuits.

  • Consumer Claim Fund: Up to $250,000 is allocated directly for individual out-of-pocket loss compensation, alongside the multi-billion-dollar capacity provided for the medical data monitoring program.

  • Attorneys’ Fees and Costs: Class action attorneys will receive up to $6.4 million in legal fees, alongside up to $1.3 million to cover accrued litigation costs. Legal experts note that these amounts conform to traditional class action benchmarks.

  • Administrative Fees: MCNA Dental is required to allocate up to $2 million to pay for the independent settlement administrator tasked with handling notice distribution and claim processing.

What Are the Next Steps and Timelines for Victims?

Because the proposed settlement agreement was officially submitted to the Florida federal court on June 12, 2026, the legal process is moving into its next phases.

As of mid-June 2026, the presiding federal judge has not yet finalized the dates for the preliminary approval hearing or the final approval hearing. Once the court grants preliminary approval, an official settlement administrator will be appointed to construct a dedicated claims portal and mail formal notice packets to the 9 million affected consumers. These packets will contain specific, mandatory deadlines outlining the exact dates by which class members must submit claims, request exclusion, or object to the terms.
