Delta Dental Insurance Co. (DDIC) and Delta Dental of New York, Inc. (DDNY) will pay a for violations of New York’s cybersecurity regulation, the Department of Financial Services (DFS) reported.
Acting DFS Superintendent Kaitlin Asrow said that an investigation determined that the companies’ “inadequate incident response policies and procedures” allowed unauthorized access to New Yorkers’ personal information including names, addresses, social security numbers, driver’s license numbers, financial account information, and patient health information.
The investigation found that the cybersecurity program used by the companies did not comply with DFS’s cybersecurity regulation, which requires them to implement retention settings, policies, procedures, and controls designed to protect consumer data and the information systems of the financial institutions themselves.
In addition DDIC and DDNY failed to timely report their respective cybersecurity events as required, DFS said.
DDIC is a licensed accident and health insurer and DDNY is a licensed non-profit dental expense indemnity. company. Both companies use MOVEit Transfer servers for transferring files among their affiliates’ customers, business partners, medical professionals, and employees.
On June 2, 2023, the DFS alerted regulated entities of this vulnerability and its remediation in an letter. DDIC and DDNY notified all affected consumers by March 2024.
DFS’s became effective in March 2017, with an updated amendment effective as of November 2023.
Was this article valuable?
Here are more articles you may enjoy.
5 Years After Surfside Collapse: Safer Condos, More Transparency for Underwriters 
Ship Insurers Set for Major Claims From Iran War, Allianz Says 
Need Wind Mitigation? New Florida Insurer Wants to Help With That 
Space Startups Seek Insurance for Orbital AI Data Centers 
