NY Fines Delta Dental $2.25M Over 2023 MOVEit Hack

A $2.25 million fine has been imposed on Delta Dental by New York for its handling of a 2023 cyberattack exploiting a zero-day vulnerability in Progress Software's MOVEit file transfer application. The attack, which occurred over Memorial Day, affected thousands of organizations, including Delta Dental, due to the automated nature of the exploit. Investigators found that Delta Dental violated state cyber regulations in its response to the incident. The zero-day exploit meant that the vulnerability was being utilized by attackers before a patch was available, putting defenders at an immediate disadvantage¹. This incident highlights the importance of proactive cybersecurity measures, as the lack of a patch left organizations vulnerable to attack. The fine serves as a reminder to organizations to prioritize compliance with state cyber regulations to mitigate the risk of such incidents. So what matters to practitioners is that this incident underscores the need for swift and effective incident response to minimize the impact of zero-day exploits.