Cyber Incident Victim: Delta Dental Plans Association
Date:
Nov 2020
Location:
United States of America
Summary
The Delta Dental Plans Association was targeted by Egregor ransomware actors, who listed the organization on their dedicated leak site. While the attackers claimed the breach, no specific details regarding compromised data or confirmed exfiltration were disclosed in available reports. Attempts to obtain a response from the victim entity were unsuccessful at the time of reporting. This incident aligns with Egregor's broader pattern of attacking healthcare-sector entities without restraint, similar to other ransomware groups like NetWalker and Conti. The lack of public confirmation or disclosure from the organization leaves the full scope and impact undetermined.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In September 2020, the Egregor ransomware group listed Delta Dental Plans Association, based in Oak Brook, Illinois, on their dedicated leak site as part of a broader targeting of medical and dental entities. This occurred alongside attacks on other dental practices, including Dyras Dental in Michigan, Paramount Dental Studio in California, and Coldwater Orthodontics in Michigan. Egregor’s leak site listings typically involved the public release of stolen data as proof of compromise, though the specific data exfiltrated from Delta Dental was not detailed in available reports. DataBreaches.net contacted Delta Dental for confirmation and details regarding the alleged breach but received no response by the time of their September 24, 2020, article. The lack of public statements or breach notifications from Delta Dental left the incident’s validity and scope unverified at the time of reporting.
Egregor’s attacks on dental organizations during this period exhibited varying impacts. Dyras Dental’s leaked data included patient insurance billings with protected health information, employee W-2 statements, and patient-related voicemails, suggesting a significant HIPAA-reportable breach, though the entity never publicly acknowledged the incident. Paramount Dental Studio’s listing involved misattributed data from an unrelated Australian dental practice, complicating incident verification. Coldwater Orthodontics’ leak contained business and marketing documents without clear evidence of compromised patient data. The Delta Dental listing lacked accompanying proof-of-hack data, and no further corroborating evidence emerged in subsequent public disclosures. Egregor’s broader pattern of targeting healthcare entities, including dental providers, contrasted with some ransomware groups’ self-imposed restrictions on attacking medical organizations. The absence of Delta Dental’s breach entry on the HHS public breach tool or official company communications left the incident unresolved in public records as of late 2020.