Delta Dental of Virginia, a non-profit dental insurer based in Roanoke, Virginia, disclosed a significant data breach that compromised the personal information of 145,918 customers.
The incident stemmed from an external hacking attack on March 21, 2025, with the breach discovered on August 22, 2025.
Notifications went out to affected individuals on November 21, 2025, including 222 Maine residents, as required by state law.
Hackers gained unauthorized access to systems containing names combined with other personal identifiers.
While exact data types remain partially unspecified in public filings, healthcare breaches often include sensitive details such as addresses, dates of birth, and health-related information linked to dental records.
This combination heightens identity theft risks, as attackers can use it for phishing, account takeovers, or fraudulent claims.
The breach notification, filed with Maine’s Attorney General, highlights the growing threat of external system intrusions.
Cybersecurity experts note that these typically involve exploited vulnerabilities such as unpatched software flaws (e.g., CVE-listed web app bugs) or weak authentication (e.g., default credentials).
Delta Dental’s filing confirms there have been no prior breaches in the last 12 months.
However, the seven-month detection lag raises questions about the effectiveness of monitoring tools such as intrusion detection systems (IDSs) and endpoint detection and response (EDR) solutions.
| Aspect | Details |
|---|---|
| Organization | Delta Dental of Virginia (Non-Profit), 5415 Airport Road, Roanoke, VA 24012 |
| Affected Individuals | 145,918 total (222 in Maine) |
| Breach Date | March 21, 2025 |
| Discovery Date | August 22, 2025 |
| Attack Type | External system breach (hacking) |
| Data Exposed | Names + other personal identifiers |
| Notification | Written letters sent November 21, 2025 |
The filing came from attorney Lindsay Nickle of Constangy, Brooks, Smith & Prophete, LLP, underscoring legal compliance amid regulatory scrutiny.
No consumer reporting agency notification was needed, as Maine impacts stayed under 1,000.
Delta Dental acted swiftly post-discovery, offering TransUnion identity theft and credit protection services to victims.
These include credit monitoring, dark web scans, and identity restoration support, though duration details were not specified.
Customers received a sample notice (available via the Maine AG portal) urging vigilance: freeze credit, watch statements, and report suspicious activity.
This event spotlights vulnerabilities in the healthcare sector, where patient data is a prime target for ransomware or espionage.
Delta Dental urged affected users to enroll in protections and monitor for fraud. No evidence of data misuse has surfaced yet.
However, experts recommend multi-factor authentication (MFA) and regular vulnerability scans to prevent repeats. The insurer has not publicly detailed remediation steps, fueling calls for transparency.
PortSwigger has leveled up Burp Suite's scanning arsenal with the latest Active Scan++ extension, version…
Unit 42 researchers at Palo Alto Networks exposed serious flaws in the Model Context Protocol…
Polish police have arrested three Ukrainian men traveling through Europe and seized a cache of…
Google has launched its most significant Chrome update ever, embedding Gemini AI across the browser…
Attackers exploit this vulnerability through the router's web interface components, specifically "cgibin" and "hnap_main," by…
Security researchers have uncovered a severe flaw in Apache Tika, a popular open-source toolkit for…