Data breaches have become an unfortunate reality. And, the healthcare industry has been a prime target for cybercriminals due to the sensitive nature of patient data. In June 2023, Delta Dental of California discovered a data breach that affected approximately 7 million patients. In this article, we dive into the details of the breach and its implications for dental professionals.
What Happened in the Delta Dental of California Data Breach?
The Delta Dental of California data breach was caused by a hacking group’s exploitation of a zero-day vulnerability in Progress Software’s MOVEit Transfer solution. The incident exposed sensitive patient information (financial account numbers, credit/debit card numbers – including security code, access, code, password or PIN for the accounts), of approximately 7 million individuals – making it one of the most significant healthcare data breaches in recent years.
MOVEit Transfer Software Breach
An unknown vulnerability in MOVEit, a widely used file transfer system, has had far-reaching implications, affecting thousands of organizations globally, not just Delta Dental of California. This breach has underscored the persistent threats lurking in even the most seemingly secure systems.
MOVEit, like many other data transfer systems, is designed to be a secure way to transfer sensitive files; but the breach has proven that even such systems can have vulnerabilities exploited by determined cybercriminals. The exact nature of the vulnerability has not been shown to avoid misuse, but this incident is a reminder for all organizations to stay vigilant and constantly update their data security measures.
Breach Event Timeline
Following the breach's discovery, Delta Dental of California embarked on a series of actions to mitigate the impact on their members and prevent a recurrence. We have laid out a timeline of these events, from when the breach was detected, to the measures taken for resolution, and the ongoing steps to enhance security. This timeline supplies a comprehensive view of the incident's management and the lessons learned in the process.
May 27-May 30, 2023 – Delta Dental of California company information on the MOVEit platform is accessed and acquired without authorization.
June 1, 2023 - Delta Dental of California learns unauthorized actors exploited MOVEit vulnerability and immediately launches a thorough investigation.
July 6, 2023 – Initial investigation confirms that Company information was accessed and acquired between May 27-May 30. Delta Dental of California engages third-party experts in computer forensics, analytics, and data mining to conduct a thorough analysis of the incident.
September 5, 2023 – Delta Dental of California submits the breach to the Department of Health and Human Services.
November 27, 2023 – Analysis is complete and finds the exact impact of the security incident, including the affected individuals and data types. Approximately 7 million individuals were affected.
December 14, 2023 – Notification letters are distributed to affected individuals.
Protective Measures Taken
In addition to the thorough investigation, Delta Dental of California took these steps to contain and remediate the incident:
- Stopping access to the MOVEit software
- Removing malicious files
- Conducting a thorough analysis of the MOVEit database
- Applying recommended patches
- Resetting administrative passwords to the MOVEit system
- Enhancing unauthorized access monitoring
According to Delta Dental of California, impacted individuals will be notified of specific services available to support them. And, they encourage individuals to remain vigilant by:
- Reviewing bank accounts, credit reports, and other financial statements closely
- Reporting any suspicious activity to companies that maintain accounts
- Reporting concerns of identity theft to law enforcement
Additionally, affected individuals should consider taking these proactive steps to limit exposure:
- Be cautious with unsolicited communications (phishing actors, scammers, or other cybercriminals may already have access to your data)
- Change login information for compromised accounts
- Use a dark web monitoring service to check for leaked credentials
Implications for Dental Professionals
As the third-largest healthcare MOVEit-related breach reported, the Delta Dental of California data breach highlights the growing threat of cyberattacks in the healthcare industry, particularly for dental professionals.
Cybercriminals see patient data as a lucrative target. Therefore, it’s crucial for dental practice to have robust HIPAA compliant security measures in place. This includes regularly updating systems, implementing strong password protocols, supplying thorough employee training, and having dedicated dental IT services that continually monitor and manage your systems.
Find out 4 ways to maximize cybersecurity in your dental practice today!
In conclusion, the recent Delta Dental of California data breach serves as a cautionary tale for all dental professionals. Cybersecurity threats are constantly evolving, and it is essential to remain proactive in protecting sensitive patient information.
By implementing robust security measures and working with reputable dental IT support, you can ensure the safety and confidentiality of your patients' data while maintaining HIPAA compliance. Remember, prevention is always better than cure when it comes to cyber threats. Stay informed, stay updated, and most importantly, stay protected.
Dental IT. Remove the Burden. Embrace the Use.
Quality patient care – it's ultimately why you became a dental professional. But, some business operations can get in the way (such as pesky computer issues or lack of IT support). That’s where Pact-One Solutions can help! Our passion lies in supplying reliable, responsive dental IT support and security that practices can count on.
Whether you’re looking for dental IT services for your startup or searching for more responsive dental IT support – our team of dental IT specialists have you covered. With team members throughout the United States, we offer nationwide support to dental practices of all sizes. Our wide range of dental IT services ensure your data is secure, accessible, and protected.
Don't let technology challenges hinder your ability to deliver exceptional dental care. Contact us at firstname.lastname@example.org or 866-722-8663 to join 350+ dental practices thriving with the support of a dedicated dental IT team.
Resources for this article:
- Delta Dental of California: https://www1.deltadentalins.com/content/dam/ddins/en/pdf/banners/notice-of-moveit-data-security-incident-en.pdf
- Abyde: https://abyde.com/abyde-insights-managing-the-aftermath-of-the-delta-dental-moveit-breach/
- BleepingComputer: https://www.bleepingcomputer.com/news/security/delta-dental-of-california-data-breach-exposed-info-of-7-million-people/
- Becker’s Dental: https://www.beckersdental.com/revenue-cycle-management/41957-delta-dental-of-california-affected-by-software-data-breach.html