Cyber Incident Victim: Delta Dental of Illinois
Date:
Dec 2018
Location:
United States of America
Summary
Delta Dental of Illinois experienced a security incident when an employee succumbed to a phishing attack, enabling unauthorized access to the employee's email account over several days. The compromised account contained protected health information of insured members and dependents, potentially exposing names, addresses, dates of birth, insurance details, and Social Security numbers. While the investigation could not confirm whether attackers actually viewed or misused the sensitive data, the organization proactively notified potentially impacted individuals and provided one year of complimentary credit monitoring services.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
Delta Dental of Illinois, part of the largest dental plan system in the United States, disclosed a security incident in April 2019 stemming from a phishing attack discovered after the fact. The breach occurred when an employee fell victim to a phishing scheme, granting attackers access to the employee’s email account between December 21 and December 28, 2018. The compromised account contained protected health information (PHI) of an unspecified number of insured members and their dependents, including names, addresses, dates of birth, insurance details, and Social Security numbers. The organization’s internal investigation confirmed the unauthorized access window but could not conclusively determine whether the attackers viewed or exfiltrated any PHI during the seven-day period. Delta Dental of Illinois opted to notify all potentially affected individuals despite the lack of definitive evidence regarding data misuse, acknowledging the inherent risk posed by the exposure of sensitive information.
The company initiated notifications in April 2019, approximately four months after detecting the incident, with a formal notice signed by its CEO explaining the breach’s circumstances and scope. Affected individuals were offered one year of complimentary credit monitoring services as a precautionary measure to mitigate potential identity theft or financial fraud risks. The incident highlighted vulnerabilities associated with phishing attacks targeting employee email accounts, though Delta Dental did not publicly disclose specific security improvements implemented post-breach. No ransomware, malware, or broader system compromise beyond the single email account was reported. The disclosure adhered to regulatory requirements for PHI breaches affecting over 500 individuals, though the exact number of notified parties remained unspecified in public statements. Delta Dental of Illinois maintained its operations throughout the investigation and response period without reporting additional disruptions or financial impacts directly tied to the incident.