A massive data breach at Delta Dental of California has exposed the personal information of nearly 7 million patients, casting a long shadow over healthcare data security and raising concerns about the vulnerabilities of popular file transfer software.
Table of Contents
Delta Dental Data Breach: Exploiting a Zero-Day Flaw
In a stark reminder of the ever-evolving cyberthreat landscape, Delta Dental confirmed unauthorized access to its systems through the MOVEit Transfer software application.
This vulnerability, tracked as CVE-2023-34362, was a zero-day SQL injection flaw that allowed attackers to remotely execute code within the system.
Delayed Discovery and Widespread Impact
Delta Dental of California first learned of the potential compromise in June 2023, but it took a full five days and an internal investigation to confirm unauthorized access and data theft.
The breach occurred between May 27 and 30, 2023, leaving a critical window for attackers to gather sensitive information.
A subsequent investigation, completed in November, revealed the full extent of the damage: 6,928,932 patients had their personal data exposed, including:
- Financial account numbers
- Credit/debit card numbers
- Security codes
This sensitive information places individuals at significant risk of financial fraud, identity theft, and other cybercrimes. Delta Dental is offering 24 months of free credit monitoring and identity theft protection services to impacted patients, but the damage may already be done.
Timeline of Incidents
- May 27-30, 2023: Unauthorized access to data.
- June 1, 2023: Delta Dental notified of the breach.
- July 6, 2023: Investigation confirms data access and acquisition.
- Nov 27, 2023: Investigation into affected information completed.
MOVEit Under Fire: A Pattern of Vulnerabilities
This incident is not the first time MOVEit Transfer has been involved in a major data breach. In fact, it ranks as the third largest MOVEit-related breach, following incidents at Maximus (11 million) and Welltok (8.5 million).
This pattern raises questions about the security of the software itself and its susceptibility to zero-day exploits.
The Cl0p ransomware gang, notorious for its audacious attacks, wasted no time in exploiting the flaw, infiltrating the systems of countless organizations using MOVEit software. Delta Dental of California, unfortunately, found itself among the victims.
What makes this breach particularly alarming is the nature of the exposed data. Dental records, while seemingly mundane, can hold a wealth of sensitive information about an individual’s health and medical history.
This information, in the wrong hands, can be used to target individuals with personalized scams, commit insurance fraud, or even blackmail victims.
Organizations relying on MOVEit for file transfer would be wise to re-evaluate their security protocols and consider alternative solutions with a stronger track record of data protection.
Beyond the Breach: Lessons Learned and Calls to Action
- Zero-day vulnerabilities are a real threat: Organizations must prioritize patching known vulnerabilities and actively seek out and address zero-day exploits.
- Data security requires constant vigilance: Regular security audits, penetration testing, and employee training are crucial to prevent and mitigate breaches.
- Transparency and communication are key: Timely notification of impacted individuals and clear communication about the risks involved are essential to building trust and minimizing damage.
The Delta Dental breach also raises questions about data retention practices. Why did a dental insurance company need to store passport numbers and other seemingly irrelevant personal details?
This incident highlights the importance of data minimization, ensuring organizations only retain the information essential for their core functions and promptly discard unnecessary data.
By prioritizing robust security measures, fostering open communication, and investing in cyber resilience, we can work together to build a more secure future for our data and ourselves.
Dedicated Support: Call 800-693-2571 for any questions or concerns.