{"id":241784,"date":"2026-05-08T12:38:00","date_gmt":"2026-05-08T16:38:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/08\/delta-dental-agrees-to-2-25-million-settlement-with-nydfs-over-moveit-data-breach-response\/"},"modified":"2026-05-08T13:00:09","modified_gmt":"2026-05-08T17:00:09","slug":"delta-dental-agrees-to-2-25-million-settlement-with-nydfs-over-moveit-data-breach-response","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/08\/delta-dental-agrees-to-2-25-million-settlement-with-nydfs-over-moveit-data-breach-response\/","title":{"rendered":"Delta Dental Agrees to $2.25 Million Settlement with NYDFS Over MOVEit Data Breach Response"},"content":{"rendered":"<p><a href=\"https:\/\/www.hunton.com\/privacy-and-cybersecurity-law-blog\/delta-dental-agrees-to-2-25-million-settlement-with-nydfs-over-moveit-data-breach-response\">Delta Dental Agrees to $2.25 Million Settlement with NYDFS Over MOVEit Data Breach Response<\/a><\/p>\n<p><a href=\"https:\/\/www.hunton.com\/privacy-and-cybersecurity-law-blog\/delta-dental-agrees-to-2-25-million-settlement-with-nydfs-over-moveit-data-breach-response\">https:\/\/www.hunton.com\/privacy-and-cybersecurity-law-blog\/delta-dental-agrees-to-2-25-million-settlement-with-nydfs-over-moveit-data-breach-response<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-08 12:38:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.hunton.com\">www.hunton.com<\/a><\/p>\n<p>Delta Dental Agrees to $2.25 Million Settlement with NYDFS Over MOVEit Data Breach Response<\/p>\n<p>On April 30, 2026, the New York State Department of Financial Services (NYDFS) announced a $2.25 million settlement with Delta Dental Insurance Company, a licensed health insurer, and Delta Dental of New York, Inc., a licensed non-profit dental expense indemnity (together, \u201cDelta Dental\u201d), for violations of NYDFS\u2019s Cybersecurity Regulation (23 NYCRR Part 500).<\/p>\n<p>The settlement follows NYDFS\u2019s investigation into Delta Dental\u2019s response to a 2023 cybersecurity incident that exploited a zero-day vulnerability in Progress Software\u2019s MOVEit file transfer tool. Delta Dental reported that the unauthorized access to its MOVEit tool resulted in the theft of approximately 60,000 files containing patient information, such as names, addresses, Social Security numbers, government-issued identification numbers, financial account information, tax identification numbers, health insurance policy numbers and patient health information.<\/p>\n<p>NYDFS alleged that Delta Dental\u2019s \u201cinadequate incident response policies and procedures allowed threat actors to exploit vulnerabilities to obtain unauthorized access to New Yorkers&#8217; personal information.\u201d Specifically, NYDFS alleged that Delta Dental violated the Cybersecurity Regulation as follows:<\/p>\n<ul>\n<li><strong>Failure to Limit Data Retention: <\/strong>Delta Dental failed to implement data retention settings, policies, procedures, and controls designed to protect consumer data and the company\u2019s IT systems. For example, Delta Dental lengthened its IT systems\u2019 default retention settings and stored the exfiltrated files for longer than 30 days.<\/li>\n<li><strong>Delayed Notice to NYDFS: <\/strong>Despite becoming aware of the incident in June 2023 and determining consumer data was affected in July 2023, Delta Dental did not notify NYDFS of the incident until December 15, 2023. (The Cybersecurity Regulation requires covered entities to notify NYDFS within 72 hours of discovery of an&#8230;<\/li>\n<\/ul>\n<p><a href=\"https:\/\/www.hunton.com\/privacy-and-cybersecurity-law-blog\/delta-dental-agrees-to-2-25-million-settlement-with-nydfs-over-moveit-data-breach-response\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Delta Dental Agrees to $2.25 Million Settlement with NYDFS Over MOVEit Data Breach Response https:\/\/www.hunton.com\/privacy-and-cybersecurity-law-blog\/delta-dental-agrees-to-2-25-million-settlement-with-nydfs-over-moveit-data-breach-response&#8230;<\/p>\n","protected":false},"author":1,"featured_media":241785,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.hunton.com\/privacy-and-cybersecurity-law-blog\/assets\/images-t1778259369\/206510.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,57,27],"class_list":["post-241784","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-security","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241784"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=241784"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241784\/revisions"}],"predecessor-version":[{"id":241786,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/241784\/revisions\/241786"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/241785"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=241784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=241784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=241784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}