Delta Dental of California is the latest victim of the global MOVEit file transfer data breach. The company is notifying nearly 7 million dental patients that their data was compromised. This newest breach adds to the devastating impact on healthcare caused by flaws in Progress Software’s MOVEit program.
In its website data breach notice, Delta Dental of California said that hackers accessed certain protected health information (PHI), including information shared in connection with dental procedures and claims payments. The company filed a breach notice with the Maine Attorney General on December 14, 2023. There is no breach notice on the HHS’ Office for Civil Rights portal to date, but it’s likely to appear soon.
Delta Dental of California is one of the nationwide Delta Dental health plans that cover 85 million people. This data breach notice applies only to patients insured by Delta Dental of California.
The information compromised included names, addresses, Social Security numbers, driver’s license or other state identification numbers, passport numbers, financial account information, tax identification numbers, individual health insurance policy numbers, and health information.
According to its notice, the company first learned of the breach on June 1, 2023. On July 6, after an internal investigation, Delta Dental confirmed that it was exposed to the MOVEit breach between May 27 and May 30. It then hired an independent IT forensics team to evaluate what information was affected and how extensive the breach was. The company also notified law enforcement.
Healthcare Hit Hard by the MOVEit Data Breach
The Delta Dental of California breach is the third largest MOVEit data breach, behind government contractor Maximus (11 million) and patient communications company Welltok (8.5 million). Welltok and Delta Dental patients account for 17% of the global MOVEit data breach victims so far. (15.5 million out of 90 million total).
Note that the Maximus breach also affected healthcare because one of its customers is the Centers for Medicaid and Medicare Services (CMS). At least 330,000 Medicare recipients were affected by the MOVEit breach at Maximus.
HIPAA Risk Management Can Prevent Breaches
The single most effective defense against cybercrime is HIPAA Risk Analysis and Risk Management. HIPAA requires it, and it’s easy to do with The HIPAA E-Tool®.
For example, the Security Rule Checklist in The HIPAA E-Tool® prompts organizations to patch and update software, refresh workforce training, and review encryption procedures and access controls.
If you want to strengthen compliance and reduce the risks of a breach, The HIPAA E-Tool® can help.