Cyber Incident Victim: Dominion National
Date:
Aug 2010
Location:
United States of America
Summary
Dominion National experienced a cybersecurity breach potentially exposing sensitive personal and financial information of current and former members, producers, and healthcare providers. The intrusion occurred years prior to its recent discovery via an internal alert, leading to server remediation efforts. Compromised data included names, addresses, birthdates, Social Security numbers, bank account details, and insurance identifiers, though investigators found no conclusive evidence of data access or misuse. The insurer notified federal authorities under HIPAA requirements, established a dedicated support line, and advised potentially affected individuals to contact them regarding notification status.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Dominion National, a dental and vision insurer and administrator, experienced a cybersecurity breach that initially occurred on August 25, 2010, but remained undetected until April 24, 2019. The intrusion was discovered following an internal alert, prompting an immediate investigation and server cleanup. Unauthorized access potentially compromised servers containing extensive personal and financial data from current and former members of Dominion National and Avalon vision, as well as members of plans administered by the company. Exposed information included names, postal addresses, dates of birth, email addresses, Social Security numbers, taxpayer identification numbers, bank account and routing numbers, member ID numbers, group numbers, and subscriber numbers. Data belonging to healthcare providers and producers was also present on the affected systems. The company conducted a comprehensive review of potentially accessible data but found no definitive evidence confirming whether the intruder accessed, copied, or misused specific information during the nine-year period between breach occurrence and discovery.
Upon identifying the breach, Dominion National complied with Health Insurance Portability and Accountability Act (HIPAA) requirements by initiating breach notifications within the mandated 60-day window following discovery. The company reported the incident to the Federal Bureau of Investigation and committed to cooperating with law enforcement throughout their investigation. A dedicated phone line operated Monday through Friday from 8 a.m. to 8 p.m. Eastern Time was established to address customer inquiries about the breach. Affected individuals were instructed to contact Dominion National if they believed they were impacted but had not received notification letters by September 23, 2019. The breach impacted both enrollment/demographic information for members and administrative data related to plans serviced by the company, though forensic analysis could not conclusively determine data exfiltration or misuse due to the extensive timeframe involved.