SafeLink Consulting Blog

Delta Dental of California Faces Massive Data Breach

Written by Kellie Thimmes, BS, DISIPC | Mar 27, 2024 1:02:11 PM

In a recent and alarming revelation, Delta Dental of California, a major player in the dental insurance sector, has fallen victim to a data breach affecting more than 6.9 million individuals. The breach was orchestrated by the notorious Clop hacking group, exploiting a zero-day vulnerability in Progress Software's MOVEit Transfer solution. This breach, which took place between May 27 and May 30, 2023, has significant implications for both Delta Dental and the millions of individuals whose sensitive information has been compromised.

Delta Dental of California, a prominent dental insurance provider spanning 15 states and serving 45 million individuals, has recently fallen victim to a massive data breach. The breach occurred when malicious hackers gained unauthorized access to the company's systems through the MOVEit file transfer software application. The software had a vulnerability known as a zero-day SQL injection flaw, which allowed the notorious Clop ransomware gang to exploit it.

Delta Dental discovered the compromise on June 1, 2023, and confirmed unauthorized access to and theft of data between May 27 and May 30, 2023, following an internal investigation conducted five days later. Upon discovering the vulnerability, Delta Dental swiftly took action to contain the incident, but unfortunately a lot of information had already been compromised. As a result of this breach, more than 6.9 million customers of Delta Dental have had their personal information exposed. 

Data Compromised:

To assess the extent of the breach, third-party computer forensics experts were enlisted to conduct a thorough analysis, completing the process on November 27, 2023. The compromised data includes a concerning array of personal information, such as names combined with addresses, Social Security numbers, driver's license numbers, other state identification numbers, passport numbers, financial account details, tax identification numbers, individual health insurance policy numbers, and health information.

Notification and Remediation: 

Delta Dental, acknowledging the severity of the breach, began the process of notifying affected individuals on December 14, 2023. To mitigate the risks associated with this exposed data, Delta Dental is providing impacted patients with 24 months of free credit monitoring and identity theft protection services. This initiative aims to assist affected individuals in safeguarding their financial and personal information from potential misuse.

The Delta Dental of California data breach along with the many other cyber breaches that have occurred highlight the evolving landscape of cyber threats faced by organizations in all sectors. This incident serves as a stark reminder of the importance of robust cybersecurity measures and the swift adoption of security patches to mitigate the risks associated with zero-day vulnerabilities. As organizations continue to navigate the digital landscape, prioritizing the protection of sensitive data and implementing proactive security measures becomes paramount to safeguarding the trust and well-being of their clientele.

Discover more about how to achieve OSHA compliance for the dental practice or dental lab.

Learn more about what SafeLink Consulting can do to help your business with compliance services, including safety compliance, to meet OSHA training requirements and quality system consulting to meet FDA compliance. Contact us for an OSHA consultation.


 

Get notification when new regulatory compliance training courses are added plus upcoming events by subscribing to our email news.