New York regulators have fined Delta Dental $2.25 million after finding the company failed to adequately protect sensitive personal information in a cybersecurity breach that exposed data belonging to New Yorkers.
The settlement, announced by the state Department of Financial Services, stems from an investigation that found Delta Dental Insurance Company and Delta Dental of New York did not meet required cybersecurity standards.
Officials said weaknesses in the companies’ incident response policies and procedures allowed hackers to exploit a known vulnerability in MOVEit Transfer servers, leading to unauthorized access and the theft of sensitive data. The breach involved personal information including names, addresses, Social Security numbers, financial account details, and patient health information.
Source: State secures $2.25M penalty against Delta Dental over data breach failures / FingerLakes1.com