Delta Dental of Virginia, a non-profit dental benefits organization based in Roanoke, has announced a significant data breach affecting approximately 145,918 individuals.
The unauthorised access to an external system exposed sensitive personal information, marking one of the more substantial healthcare data incidents affecting Virginia residents this year.
The security breach occurred on March 21, 2025, but remained undetected for several months.
The organization did not discover the unauthorized access until August 22, 2025, a gap of five months between the initial compromise and detection.
This delayed discovery is notable, as it allowed potential threat actors extended access to affected customer data during this period.
In accordance with standard data breach notification protocols, Delta Dental of Virginia began notifying affected individuals on November 21, 2025.
The notification process included written communications to impacted customers and regulatory authorities, including the Maine Attorney General’s office, which received a formal notice after 222 Maine residents were among those affected.
Information Compromised in the Incident
The external system breach resulted in the unauthorized acquisition of personal identifiers combined with additional sensitive information held within Delta Dental’s systems.
While the organization has not publicly disclosed the complete scope of data elements accessed, such breaches typically expose names, addresses, Social Security numbers, insurance information, and potentially dental treatment records.
The 145,918 affected individuals span multiple states, with Maine representing a smaller subset of the total victim population.
The notification filed with Maine’s Attorney General indicates that 222 Maine residents had their information compromised in this incident.
Recognizing its responsibility to affected customers, Delta Dental of Virginia is offering complimentary identity theft protection and credit monitoring services through TransUnion.
These services provide comprehensive protection to affected individuals, including credit monitoring, identity theft detection, and remediation support.
Customers affected by the breach can access these protective services to help mitigate potential risks arising from the exposure of their personal information.
This proactive approach demonstrates the organisation’s commitment to supporting those affected during this security incident.
The breach notification was formally submitted to Maine’s regulatory authorities by attorney Lindsay Nickle of Constangy, Brooks, Smith & Prophete, LLP, who is serving as counsel for Delta Dental of Virginia.
The formal notice to Maine residents is available through the state’s Attorney General’s office. It contains detailed information about the breach and available remediation resources.
This incident underscores the ongoing vulnerability of healthcare and insurance organizations to external cyber attacks.
The five-month detection window highlights the importance of robust security monitoring and threat detection capabilities.
Healthcare organisations handling sensitive patient information must implement comprehensive security controls, conduct regular vulnerability assessments, and maintain continuous monitoring systems to identify and respond to unauthorised access more effectively.
Affected individuals are encouraged to monitor their credit reports, consider placing fraud alerts, and take advantage of TransUnion’s complimentary identity theft protection services to help protect themselves from potential identity theft or fraudulent activity resulting from this breach.
Follow us on Google News, LinkedIn, and X to Get Instant Updates and set GBH as a Preferred Source in Google.