Dental services provider Delta Dental of Virginia (DDVA) is in the process of notifying roughly 146,000 individuals that their personal and health information was compromised as a result of a recent data security incident. The organization reported that the breach involved the compromise of an employee email account, an incident which was subsequently described in detail in a letter submitted to the Maine Attorney General’s Office. This notification confirms a significant security lapse and outlines the potential exposure of sensitive patient data held by the not-for-profit dental care provider, which is based in Roanoke, Virginia.
DDVA’s internal investigation, conducted with the assistance of independent cybersecurity experts, pinpointed the timeframe of the unauthorized access to the email account. The organization stated that a threat actor maintained access to the account between March 21 and April 23, during which time they may have accessed and exfiltrated emails and attachments containing patient data. The findings of this extensive review indicated that a total of 145,918 individuals had their private information potentially exposed in the breach, according to the submission made to the Maine Attorney General’s Office.
The information compromised in this incident is highly sensitive and includes a range of personal identifiers and protected health information (PHI). Specifically, the compromised data encompasses names, Social Security numbers, government-issued ID numbers, and various forms of protected health information. Despite the seriousness of the data exposure, DDVA stated in their notification, “Please note that DDVA has no evidence of the misuse, or attempted misuse, of any potentially impacted information,” a statement intended to mitigate immediate alarm among affected individuals.
To assist those whose most sensitive information was exposed, the organization is offering protective services. DDVA will provide 12 months of free identity protection and credit monitoring services to all individuals whose Social Security numbers or driver’s license information was compromised in the attack. This measure is a standard industry practice aimed at helping victims detect and respond to potential identity theft or financial fraud resulting from the data breach.
DDVA operates as a not-for-profit entity providing cost-effective dental and vision plans for individuals and families across Virginia. Beyond its core service provision, the organization maintains a charitable arm, the Delta Dental of Virginia Foundation, which is dedicated to promoting and improving overall oral health throughout the state. This operational context underscores the provider’s central role in the state’s healthcare landscape, making the security breach a significant concern for thousands of residents.
Reference:
