What's Happening?
Delta Dental Insurance Co. and Delta Dental of New York, Inc. have been fined $2.25 million by the New York Department of Financial Services (DFS) for failing to comply with the state's cybersecurity regulations. The DFS investigation revealed that the companies
had inadequate incident response policies, which allowed unauthorized access to sensitive personal information of New Yorkers, including social security numbers and health information. The companies also failed to report the cybersecurity incidents in a timely manner as required by the DFS regulations. The violations were linked to the use of MOVEit Transfer servers, which were vulnerable to exploitation. The DFS cybersecurity regulation, effective since March 2017, mandates financial institutions to implement robust data protection measures.
Why It's Important?
This penalty underscores the critical importance of robust cybersecurity measures in protecting consumer data, especially in the financial and insurance sectors. The fine serves as a warning to other companies about the consequences of non-compliance with cybersecurity regulations. It highlights the increasing regulatory scrutiny on data protection practices and the need for companies to invest in comprehensive cybersecurity programs. The incident also raises awareness about the potential risks associated with third-party software vulnerabilities, emphasizing the need for regular security assessments and timely incident reporting.
