Feds Trusted. Service Driven.

Feds Trusted. Service Driven.

GEBA Communication to Impacted Members

February 2024

Dear GEBA member/participant/past enrollee,

We believe that by now you have received a mailed notice from Delta Dental insurance company related to their data breach that affected you and/or potentially your spouse/dependents. GEBA was one of several Delta Dental Business Associate partners serving federal employees that was impacted. (If you have not yet received their official notice by mail, you will, any day now.)

Regrettably, we are now all familiar with these notices. However, that does not make them routine or alleviate concerns. The next question is always “What do I do now?” and Delta Delta’s notice provides detailed information about how the company will assist you. This information is also posted below. We know that Delta Dental is highly committed to supporting their patient customers in this matter and we encourage you to explore and take full advantage of all available resources.

Again, while we remain confident in our current partnership with the company, our apologies.

Sincerely,

MonaB_Signature

Mona F. Buckley
GEBA President & CEO

Delta Dental Notification

In addition to outlining the details of the incident, Delta Dental’s notice provides detailed information including recommended steps to help protect your information.

Questions?
If you have questions, please call 800-693-2571, 8:00 a.m. to 5:30 p.m. Central Time, Monday through Friday, excluding major U.S. holidays. Please have the membership number from your Delta Dental notification ready. 

Delta Dental of California and affiliates1 experienced a data security incident that impacted the personal information, including protected health information (“PHI”) of GEBA Members who participate in our Dental program. Delta Dental learned unauthorized actors exploited a vulnerability and were able to access and acquire personal and protected health information without authorization between May 27, 2023 and May 30, 2023.

The data security incident involved the MOVEit Transfer (“MOVEit”) software by Progress Software, an application used by Delta Dental and many organizations worldwide. This vulnerability led to a global data security incident that is reported to have impacted many organizations, including corporations, government agencies, insurance providers, pension funds, financial institutions, state education systems and more.

Delta Dental takes the privacy and security of your information seriously. Immediately after being alerted of the incident, Delta Dental launched a thorough investigation and took steps to contain and remediate the incident. 

1 Delta Dental of California and affiliates includes Delta Dental Insurance Company, Delta Dental of the District of Columbia, Delta Dental of Delaware, Inc., Delta Dental of Pennsylvania, Delta Dental of New York, Inc., Delta Dental of West Virginia, and their affiliated companies, as well as Dentegra Insurance Company, Delta Dental of Puerto Rico, Inc., and the national DeltaCare USA network.

Delta Dental conducted a MOVEit incident investigation with legal counsel guidance and independent third-party experts in computer forensics, analytics and data mining to determine what information was impacted.

Delta Dental stopped access to the MOVEit software, removed the malicious files, applied security patches for known vulnerabilities provided by Progress Software Corporation, and reset administrative passwords to the MOVEit system. Delta Dental also updated and enhanced capabilities to monitor potential security threats including unauthorized access monitoring related to the MOVEit Transfer file access, malicious activity, and ransomware activity.

The notice GEBA members have or will receive from Delta Dental will provide the specific information that was involved.

Impacted information includes names with some combination of the following:

  • addresses
  • Social Security numbers
  • driver’s license numbers or other state identification numbers
  • passport numbers
  • financial account information
  • tax identification numbers
  • individual health insurance policy numbers
  • and/or health information

Delta Dental is considered both a Covered Entity and Business Associate as defined under the Health Insurance Portability and Accountability Act (HIPAA, 45 Code of Federal Regulations §160.103) as it relates to group clients. Delta Dental fulfilled its obligation as a covered entity to issue media and regulatory notice of the MOVEit incident.   

To date (December 15, 2023), the following notifications were issued by the Company:  

  1. Media Notices by Delta Dental of California and affiliates – all states except Alaska 
  2. Media Notices by Delta Dental of Puerto, Inc. – Puerto Rico
  3. Media Notices by Dentegra Insurance Company – CO, MA, MD, NC, SC, VA, and WA
  4. State Insurance Departments by Delta Dental of California and affiliates – CA, DE, IN, KY, LA, MD, ME, MS, NY, OH, PA, SC, TN, TX, and WA
  5. State Insurance Departments by Dentegra Insurance Company – AR, MD, MI, RI, SC, TX, VA, and WA
  6. State Attorneys Generals: AL, AR, CA, CO, CT, DC, FL, IN, IL, LA, MA, MD, ME, MT, NC, NE, NH, NJ, NY, OR, PR, SC, TX, VA, VT, and WA
  7. US Department of Health and Human Services, Office for Civil Rights, on behalf of Delta Dental of California and affiliates as the covered entity impacted 

To help relieve concerns and restore confidence following this incident, Delta Dental has secured the services of Kroll to provide identity monitoring at no cost to affected members for twenty-four months. Kroll is a global leader in risk mitigation and response, and their team has extensive experience helping people who have sustained an unintentional exposure of confidential data. Your identity monitoring services include Credit Monitoring, $1 Million Identity Fraud Loss Reimbursement, Fraud Consultation, and Identity Theft Restoration.

Visit https://enroll.krollmonitoring.com enroll in Kroll identity monitoring services, you will need the Membership Number provided in that letter. This is not your GEBA Member ID.

You have until May 8, 2024 to activate your identity monitoring services.

Exclusive Benefits from the Same Organization Your Peers Have Trusted Since 1957.

How Can We Serve You Today? Our Knowledgeable Member Services Staff Can Help!

Trust GEBA – Securing Feds’ Financial Futures for Over 65 Years

We want to assist you better. Help us help you.

Gain access to insurance and investment content.
PLUS receive personalized service and updates from GEBA.

Popup Form

We respect your privacy. Your information is safe and will never be shared. You can unsubscribe at any time.