The dental insurance firm initiated an investigation after discovering the suspicious incident through an employee's email. The probe determined the employee was the victim of a phishing scam, which gave the hacker access to the email account.
An analysis of the compromised account could not rule out access, which varied by patient and could include names, contact details, Social Security numbers, member or subscription identification numbers, driver's license numbers, government-issued or state identification numbers, passport number, financial account data, treatment information, dental insurance information, credit or debit card information, digital signatures, and usernames and passwords, according to Delta Denta's notice.
Under HIPAA regulations, health insurance plans must notify its subscribers about a possible information breach 60 days after such activity. Delta Dental of Arizona did not provide an explanation for the delay in notification.