Delta Dental of Virginia has reported a significant data breach affecting over 146,000 customers. The breach is part of the long tail of the MOVEit file transfer vulnerability attacks. Exposed data includes names, member IDs, and potentially sensitive health information.
Business Impact
This incident highlights the persistent, long-term liability of supply chain vulnerabilities. Even months or years after a major flaw is disclosed, the downstream impact of stolen data continues to trigger regulatory reporting requirements, fines, and class-action lawsuits.
Why It Happened
Attackers exploited the critical MOVEit Transfer vulnerability (CVE-2023-34362) to exfiltrate data files before patches could be applied. The complex nature of third-party data handling meant the full scope of the impact took time to identify.
Recommended Executive Action
Ensure your organization has fully remediated all systems related to the MOVEit vulnerability. Conduct a retrospective audit of all file transfer logs from that period to ensure no data exfiltration events were missed in the initial response.
Hashtags: #DataBreach #Healthcare #DeltaDental #MOVEit #SupplyChain #HIPAA #CyberSecurity #InfoSec