Delta Dental pays $2.2M penalty for cybersecurity violations
Dental practices contract with Delta Dental; understand how insurer cybersecurity failures may affect your patient data.
Delta Dental Insurance Company and Delta Dental of New York will pay a $2.2 million penalty to the New York State Department of Financial Services for failing to meet cybersecurity regulations. The penalty stems from a 2023 data breach involving MOVEit software that compromised an estimated 2,500 organizations worldwide, including multiple Delta Dental entities.
What the MOVEit breach exposed
The MOVEit vulnerability affected Delta Dental's systems in 2023, making the company one of thousands of organizations targeted through the same software flaw. The breach exposed patient and business data held by Delta Dental, triggering regulatory scrutiny from New York financial authorities.
Regulatory implications for dental insurers
The penalty underscores state regulators' expectations for robust cybersecurity practices among health insurers. Dental practices that contract with Delta Dental or similar carriers should verify that their business partners maintain current security protocols and incident response procedures, particularly for third-party software and vendor management.
Frequently asked questions
What is Delta Dental being fined for?
Delta Dental Insurance Company and Delta Dental of New York are paying $2.2 million for violating cybersecurity regulations set by the New York State Department of Financial Services. The violations relate to a 2023 data breach involving MOVEit software.
How did the MOVEit breach affect Delta Dental?
MOVEit software had a vulnerability in 2023 that compromised an estimated 2,500 organizations worldwide, including Delta Dental entities. Patient and business data stored in Delta Dental systems were exposed through this breach.
Should dental practices be concerned about this penalty?
Yes. Dental practices that contract with Delta Dental should verify their insurer's cybersecurity practices and vendor management procedures. Insurer breaches can expose patient data and compromise practice operations.
What does this mean for patient data security in dental practices?
The penalty demonstrates that state regulators enforce cybersecurity standards for health insurers. Dental practices should ensure contracts with insurers include cybersecurity commitments and require notification of any breaches affecting practice data.
