MOVEit Hack Impacts Delta Dental of California and Pan-American Life Insurance Group

MOVEit Hack Impacts 7 Million People from Delta Dental of California

Delta Dental of California reported that it suffered from a mass exploitation conducted by the Clop hacking group of a zero-day vulnerability identified in the MOVEit Transfer solution by Progress Software. Delta Dental of California, a member of the Delta Dental Plans Association, is the dental insurance provider to 45 million individuals. As per the breach notification provided to the Maine Attorney General, the attack resulted in the theft of the data of approximately 7 million people, which include Delta Dental of California plan members and affiliates.

On June 1, 2023, Delta Dental learned about exploiting the SQL injection vulnerability CVE-2023-34362 identified in the MOVEit Transfer solution. Progress Software launched an emergency patch to correct the vulnerability on May 31, 2023. However, before applying the patch, the Clop group already exploited the vulnerability from May 27 to May 30, 2023 and extracted information from the MOVEit server of Delta Dental.

On July 6, 2023, Delta Dental reported the unauthorized access to plan members’ information. Third-party computer forensics specialists helped conduct data mining and analytics to identify the stolen data. Because of the volume of the data impacted, the data analysis was just finished, with the final listing of the impacted persons and types of information affected completed on November 27, 2023. The company began sending notification letters to those people on December 14, 2023.

Delta Dental stated the stolen information consists of names along with at least one of these data: address, driver’s license number, Social Security number, other state ID number, passport number, financial account data, tax ID number, individual medical insurance policy number, and/or health data. The impacted persons received free credit monitoring and identity theft protection services for two years.

Delta Dental emphasized in its notification letters that the incident involved mass exploitation that impacted many companies; nevertheless, the Delta Dental of California data breach is different because of the number of people impacted. There were 6,928,932 dental plan members impacted, making this the third biggest healthcare MOVEit-associated breach reported, following Maximus Inc. with 11 million and Welltok with 8.5 million.

The HIPAA Breach Notification Rule calls for the issuance of notification letters within 60 days after discovering a breach. Delta Dental of California reported the data breach to the HHS’ Office for Civil Rights on September 6, 2023 following the HIPAA Breach Notification Rule. At the time, the number of affected individuals was not yet sure therefore the entity used an interim number of 501. The time it took to discover the incident, respond to it, and identify the breached data and by whom, together with which people are affected is not strange. To know this usually depends on professional digital forensic and incident response companies who must forensically evaluate records and individual data utilizing a mix of forensic tools and cybersecurity skills to understand what occurred and the particular data objects. Modern data security applications could accelerate the discovery of what information is affected, specifically at scale, perhaps the timeframes are decreased as the tools are used. Nevertheless, matching those data objects to the affected individuals will still take time taking into consideration the forensic quality that could be accepted in court.

200,000 Individuals Affected by the Pan-American Life Insurance Group Data Breach

The Pan-American Life Insurance Group based in Louisiana has reported that it suffered from the mass hacking by the Clop hacking group of a zero-day vulnerability identified in Progress Software’s MOVEit Transfer solution at the end of May 2023. On May 31, 2023, Progress Software made a patch available to resolve the earlier unknown vulnerability; nevertheless, by that time, the attacker had already mass-exploited the vulnerability to acquire access to the MOVEit servers. Over 2,600 companies around the world are now identified to have been impacted and the data of about 78 to 83 million people were stolen in the cyberattacks.

The Pan-American Life Insurance Group stated it promptly discontinued utilizing the MOVEit Transfer solution for transferring files when it knew about the flaw and called in a cybersecurity company to find out if the vulnerability was exploited. The investigation confirmed the theft of files. An analysis of those files started on October 5, 2023, it was affirmed that they included personal data and protected health information (PHI), such as names, Social Security numbers, addresses, birth dates, driver’s license numbers, contact details, some biometric information, medical and medical benefits data, subscriber numbers, and credit card and financial account data.

The Pan-American Life Insurance Group provided the impacted persons with free credit monitoring and identity theft protection services for 24 months. Two breach reports were submitted to the HHS’ Office for Civil Rights that impacted 105,387 and 94,807 persons.

Dameron Hospital Cyberattack

Dameron Hospital based in Stockton, CA, has reported a cyberattack that impacted parts of its network systems. Lacking important systems has resulted in disruption. Some procedures were canceled until the restoration of all systems online; nevertheless, a representative for the hospital mentioned the continuing patient care treatments and emergency department functions. The hospital investigated the nature and extent of the breach and whether any patient information had been compromised or stolen.

Cyberattack on Covenant Care by Hunters International

Covenant Care, a company of skilled nursing, home healthcare, and residential care in Nevada and California, seems to have encountered a cyberattack and data theft. The Hunters International hacking group listed Covenant Care on its data leak site, which suggests that Covenant Care did not pay the ransom. Covenant Care did not confirm whether this is true.

Covenant Care has encountered multiple phishing attacks in the last 5 years, including an attack in 2019 that affected 7,858 patients and another in 2022 that involved the PHI of 23,093 patients. In response to the 2019 attack, the HHS Office for Civil Rights issued technical assistance to help Covenant Care with its security management process.