Delta Dental of California MOVEit Hack Impacts 7M Individuals

December 18, 2023 - Delta Dental of California informed nearly 7 million individuals of a data breach stemming from the May 2023 hack of Progress Software’s MOVEit Transfer software.

As previously reported, numerous organizations have reported breaches stemming from the MOVEit vulnerability since it was exploited in May. MOVEit disclosed the vulnerability on May 31 and issued a patch on the same day. Months later, notifications continue to roll in.

Delta Dental of California described itself as “one of thousands of organizations impacted by a global data security incident resulting from a previously unknown vulnerability in the widely used MOVEit file transfer software.”

The breach enabled threat actors to access certain protected health information related to Delta Dental members, including information shared in connection with dental procedures and claims payments.

Following notification of the exploit from Progress Software, Delta Dental said that it immediately stopped access to the MOVEit software, removed malicious files, and applied the recommended patches. In addition, Delta Dental reset administrative passwords to the MOVEit system and enhanced monitoring capabilities.

Delta Dental completed its investigation into the incident in late November, despite the breach occurring in late May. Delta Dental stated that the “extensive investigation and analysis of the data recently concluded and was a critical component in enabling us to identify specific personal information that was acquired from the MOVEit platform.”

The information involved in the breach included addresses, Social Security numbers, passport numbers, driver’s license numbers, financial account information, tax identification numbers, health insurance policy number, and health information.

Delta Dental assured members that it applies security patches for known vulnerabilities regularly and frequently updates its capabilities to monitor emerging security threats.

This latest MOVEit breach disclosure adds millions to the total number of individuals impacted by the hack, which was claimed by Clop ransomware group. The incident follows a known trend of ransomware groups like Clop targeting vulnerabilities in widely used tools to expand their reach.

“The MOVEit customer breaches keep coming and coming,” said Roger Grimes, data-driven defense evangelist at KnowBe4.

“News sources have so far stated that thousands of companies might have become victims of the same vulnerability and ransomware actor, Clop, but six months later we are still learning about involved breaches. I would not be surprised if the true number of separate MOVEit breaches was in the tens of thousands.”

Grimes noted that the vulnerability was exploited as a zero-day, meaning that it wasn’t known to network defenders until after it was exploited. Defending against zero-day attacks is notoriously difficult and remains a challenge for critical infrastructure as it grapples with increasingly high-impact breaches stemming from zero-days.