Insurer's data security breach went unnoticed for 8 years
Enrollment data, demographic details and personal information for 95,000 individuals may have been accessed by an unauthorized party.
The Delaware Department of Insurance announced it received a notice of a data security breach suffered by Dominion National, an insurer and administrator of dental and vision benefits. On April 24, 2019, through its investigation of an internal alert, Dominion National discovered that servers containing enrollment data, demographic details, personal information of consumers, plan producers and health care providers may have been accessed by an unauthorized party.
The investigation determined that the unauthorized access may have occurred as early as Aug. 25, 2010. Dominion National advised the Department of Insurance that they responded immediately by cleaning the affected servers and initiating a comprehensive review of data stored on or potentially accessible from the servers.
“Upon receiving notice of this breach, I asked that our market conduct division begin an investigation to learn all of the facts behind this incident,” Commissioner Trinidad Navarro said in a statement. “The Department of Insurance will determine if appropriate safeguards were in place, and if private consumer information was handled properly.”
Compromised information
On June 17, 2019, the review determined that the potentially compromised information might include the following data: names, addresses, dates of birth, email addresses, Social Security numbers, taxpayer identification numbers, bank account and routing numbers, member ID numbers, group numbers and subscriber names of what amounts to 10% of Delaware’s population. It is important to note that some affected by the data breach may not have had a plan through Dominion National, but had a plan for which Dominion National was a third-party administrator.
According to Dominion National, there is “no evidence that any information was in fact accessed, acquired or misused.” The company has implemented enhanced monitoring and alerting software and is providing two years of free credit monitoring and fraud protection services for all individuals potentially impacted by the incident.