SafeLink Consulting Blog

Delta Dental of California Faces Massive Data Breach

Kellie Thimmes, BS, DISIPC
Posted by Kellie Thimmes, BS, DISIPC on Mar 27, 2024 9:02:11 AM

In a recent and alarming revelation, Delta Dental of California, a major player in the dental insurance sector, has fallen victim to a data breach affecting more than 6.9 million individuals. The breach was orchestrated by the notorious Clop hacking group, exploiting a zero-day vulnerability in Progress Software's MOVEit Transfer solution. This breach, which took place between May 27 and May 30, 2023, has significant implications for both Delta Dental and the millions of individuals whose sensitive information has been compromised.


Delta Dental of California, a prominent dental insurance provider spanning 15 states and serving 45 million individuals, has recently fallen victim to a massive data breach. The breach occurred when malicious hackers gained unauthorized access to the company's systems through the MOVEit file transfer software application. The software had a vulnerability known as a zero-day SQL injection flaw, which allowed the notorious Clop ransomware gang to exploit it.

Delta Dental discovered the compromise on June 1, 2023, and confirmed unauthorized access to and theft of data between May 27 and May 30, 2023, following an internal investigation conducted five days later. Upon discovering the vulnerability, Delta Dental swiftly took action to contain the incident, but unfortunately a lot of information had already been compromised. As a result of this breach, more than 6.9 million customers of Delta Dental have had their personal information exposed. 

Data Compromised:

To assess the extent of the breach, third-party computer forensics experts were enlisted to conduct a thorough analysis, completing the process on November 27, 2023. The compromised data includes a concerning array of personal information, such as names combined with addresses, Social Security numbers, driver's license numbers, other state identification numbers, passport numbers, financial account details, tax identification numbers, individual health insurance policy numbers, and health information.

Notification and Remediation: 

Delta Dental, acknowledging the severity of the breach, began the process of notifying affected individuals on December 14, 2023. To mitigate the risks associated with this exposed data, Delta Dental is providing impacted patients with 24 months of free credit monitoring and identity theft protection services. This initiative aims to assist affected individuals in safeguarding their financial and personal information from potential misuse.

The Delta Dental of California data breach along with the many other cyber breaches that have occurred highlight the evolving landscape of cyber threats faced by organizations in all sectors. This incident serves as a stark reminder of the importance of robust cybersecurity measures and the swift adoption of security patches to mitigate the risks associated with zero-day vulnerabilities. As organizations continue to navigate the digital landscape, prioritizing the protection of sensitive data and implementing proactive security measures becomes paramount to safeguarding the trust and well-being of their clientele.


Discover more about how to achieve OSHA compliance for the dental practice or dental lab.

Learn more about what SafeLink Consulting can do to help your business with compliance services, including safety compliance, to meet OSHA training requirements and quality system consulting to meet FDA compliance. Contact us for an OSHA consultation.


 Subscribe to our News

Get notification when new regulatory compliance training courses are added plus upcoming events by subscribing to our email news.


 

Topics: General Industry, Dental Lab Industry, Dentistry, Health & Safety, Emergency Planning, Medical Device Manufacturers, Practice Management

Subscribe To Our Blog

Most Popular

Need an employee Health and Safety Manual for your business to assist in meeting OSHA requirements? Contact SafeLink Consulting for assistance with a customized written safety program for dentistry or with assistance for your specific industry.

 

SafeLink Consulting assists businesses with workplace safety training, infection control training, HIPAA training online, quality systems, assessments, audits, due diligence, and more.

 

Industries include:

 

Dentistry compliance - assisting the dental practice with meeting requirements for OSHA, HIPAA, EPA, and CDC guidelines, patient safety and employee health & safety

 

Dental Laboratory compliance - assisting the dental lab with meeting requirements for OSHA, FDA, and CDC guidelines, employee health & safety, plus FDA requirements for lab manufacturing custom implant abutment /gmp for medical device manufacturers

 

Medical Device Manufacturers compliance - assisting with meeting OSHA compliance & FDA requirements, GMP - good manufacturing practices

 

General Industry compliance - assisting with OSHA compliance and FDA compliance as it pertains to the specific business

 

Beverage Industry compliance - assisting beverage businesses such as the craft brewery, winery, cidery, distillery, vintner with meeting OSHA compliance, health & safety, FDA requirements / GMP - Good Manufacturing Practices.

 

Contact Sales to Customize your Compliance Program