Cyber Incident Victim: Delta Dental of Arizona
Date:
Jul 2019
Location:
United States of America
Summary
A phishing attack compromised an employee email account at Delta Dental of Arizona, potentially exposing sensitive personal and health information. The breach may have involved names, addresses, Social Security numbers, financial account details, dental treatment records, insurance information, and various government-issued identifiers. While unauthorized access couldn't be confirmed, affected individuals included those who conducted business with the Arizona entity or whose employers did. The organization delayed public notification for several months following discovery and did not provide complimentary identity protection services to impacted parties. Security policies were under review following the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On July 8, 2019, Delta Dental of Arizona experienced a phishing attack compromising an employee email account. The organization could not confirm whether protected health information (PHI) or personally identifiable information (PII) was actually accessed but disclosed that the breached account potentially contained multiple sensitive data types. These included names, addresses, dates of birth, Social Security numbers, member/subscription IDs, driver’s license numbers, government-issued IDs, passport numbers, financial account details, credit/debit card information, dental treatment records, insurance details, digital signatures, and login credentials. The initial press release did not specify whether impacted individuals were plan members, dentists, brokers, or other parties, nor did it disclose the number of affected individuals. Delta Dental issued no offer of complimentary identity protection services to those potentially exposed.
The organization publicly disclosed the incident in November 2019—four months after discovery—without explaining the delay beyond the typical 60-day notification window. Response actions included securing the affected email account and initiating a review of internal policies. A subsequent clarification on Delta Dental of Arizona’s website narrowed the scope to individuals or employers who conducted business directly with that specific entity, excluding clients of other Delta Dental affiliates. The entity provided no media contact details for further inquiries, limiting public transparency regarding detection methods, containment timelines, or forensic findings. No operational disruptions or additional attacker actions beyond the initial email compromise were reported.