Dental services provider Delta Dental of Virginia (DDVA) is in the process of notifying roughly 146,000 individuals that their personal and health information was compromised as a result of a recent data security incident. The organization reported that the breach involved the compromise of an employee email account, an incident which was subsequently described in detail in a letter submitted to the Maine Attorney General’s Office. This notification confirms a significant security lapse and outlines the potential exposure of sensitive patient data held by the not-for-profit dental care provider, which is based in Roanoke, Virginia.
DDVA’s internal investigation, conducted with the assistance of independent cybersecurity experts, pinpointed the timeframe of the unauthorized access to the email account. The organization stated that a threat actor maintained access to the account between March 21 and April 23, during which time they may have accessed and exfiltrated emails and attachments containing patient data. The findings of this extensive review indicated that a total of 145,918 individuals had their private information potentially exposed in the breach, according to the submission made to the Maine Attorney General’s Office.
The information compromised in this incident is highly sensitive and includes a range of personal identifiers and protected health information (PHI). Specifically, the compromised data encompasses names, Social Security numbers, government-issued ID numbers, and various forms of protected health information. Despite the seriousness of the data exposure, DDVA stated in their notification, “Please note that DDVA has no evidence of the misuse, or attempted misuse, of any potentially impacted information,” a statement intended to mitigate immediate alarm among affected individuals…