New York regulators have fined Delta Dental $2.25 million after finding the company failed to adequately protect sensitive personal information in a cybersecurity breach that exposed data belonging to New Yorkers.
The settlement, announced by the state Department of Financial Services, stems from an investigation that found Delta Dental Insurance Company and Delta Dental of New York did not meet required cybersecurity standards.
Officials said weaknesses in the companies’ incident response policies and procedures allowed hackers to exploit a known vulnerability in MOVEit Transfer servers, leading to unauthorized access and the theft of sensitive data. The breach involved personal information including names, addresses, Social Security numbers, financial account details, and patient health information.
State regulators had alerted companies to the vulnerability in June 2023, but investigators determined Delta Dental failed to adequately address the risk and did not promptly report the breach as required under state law.
The Department of Financial Services said the violations ran afoul of New York’s cybersecurity regulations, which mandate that financial institutions implement safeguards to protect consumer data and quickly notify regulators of security incidents.
Delta Dental notified affected consumers by March 2024, according to the state.
State officials said the penalty underscores a broader effort to hold institutions accountable as cyber threats continue to evolve.
FingerLakes1.com is the region’s leading all-digital news publication. The company was founded in 1998 and has been keeping residents informed for more than two decades. Have a lead? Send it to [email protected].