Delta Dental of California, along with its affiliates, recently confirmed it was among numerous organizations affected by a significant global data security breach linked to the MOVEit file transfer software by Progress Software. The company disclosed that unauthorized actors accessed sensitive protected health information, including data related to dental procedures and claims payments.
The circumstances surrounding the incident began when Progress Software revealed a previously unknown vulnerability within the MOVEit software. This flaw led to a widespread security breach that reportedly impacted a vast array of organizations, from corporations to government agencies and financial institutions.
According to the company's statement, "On June 1, 2023, the Company learned unauthorized actors exploited a vulnerability affecting the MOVEit file transfer software application." This prompted Delta Dental to launch a comprehensive investigation into the matter. In its proactive measures, the company halted access to the MOVEit software, removed compromised files, and conducted an in-depth review of the affected database.
As part of the remediation efforts, Delta Dental implemented recommended security patches and reset administrative passwords related to the MOVEit system. Additionally, they enhanced monitoring for unauthorized access to the MOVEit file transfer service and increased vigilance against potential ransomware activities.
Impact and Legacy
The investigation further revealed that unauthorized access had occurred between May 27 and May 30, 2023. Delta Dental confirmed, "On July 6, 2023, our investigation confirmed that Company information on the MOVEit platform had been accessed and acquired without authorization." Following this discovery, they enlisted independent third-party experts specializing in computer forensics and data analytics to assess the extent of the breach and identify impacted information.
Impact and Legacy
The findings indicated that approximately 7 million individuals had their personal information compromised. Delta Dental stated their commitment to keeping affected individuals informed, emphasizing, "We have worked diligently to identify any impacted individuals to provide notification."
Looking Ahead
In addition to notifying those affected, Delta Dental has engaged with law enforcement agencies and has been cooperating with them throughout the investigation, which was concluded on November 27, 2023. The company’s response reflects its focus on data security, with ongoing efforts to enhance measures designed to prevent similar incidents in the future. "Data security is a priority for our Company," concluded a spokesperson for Delta Dental, highlighting their practices of applying security patches and continuously updating monitoring capabilities.
"Data security is a priority for our Company,"
As the aftermath of the breach unfolds, Delta Dental has taken steps to support individuals who may be affected. They are encouraging vigilance, advising individuals to review financial statements and credit reports closely for any suspicious activity. The company urges anyone who suspects they may be victims of identity theft to promptly report their concerns to law enforcement or relevant authorities.
For further assistance, Delta Dental has made resources available, including a dedicated contact number for inquiries related to the incident. The company reassured the public, stating, "We regret any inconvenience or concern this incident may cause."
In conclusion, this incident serves as a significant reminder of the vulnerabilities that may exist within widely used software and the critical need for organizations to prioritize their cybersecurity measures. Delta Dental's ongoing efforts to secure their systems and support affected individuals will play a vital role in maintaining customer trust amidst this challenging scenario.