How Much Damage Could Really Happen in Nine Years, Anyway?

How Much Damage Could Really Happen in Nine Years, Anyway?

by ih-coc admin

A hack that took place back in 2010 couldn’t possibly affect you today, nine years later, could it? Unfortunately, the answer is a resounding yes. Dominion National is an insurance company based in Virginia that deals in health plans and dental and vision benefits packages. Hackers gained access to its servers in 2010.

It’s only now, in 2019, that the breach was officially discovered - this past April, in fact.

When data breaches go for weeks or even months without being discovered, it’s bad enough. But what happens when nine whole years go by before the breach is detected? What should customers know?

How Dominion National Customers Are Affected

The investigation of the Dominion National data breach determined that the people most at risk are current and former customers, as well as any health providers themselves that offer Dominion National plans to their clients. That’s a pretty huge impact over the space of nine years. Just to give one example, in the state of Delaware alone, the Delaware Department of Insurance said the incident could affect 10% of the state's entire population.

The information that was accessed includes names, addresses, emails, subscriber identification numbers, Social Security numbers, dates of birth and other details specific to the person's relationship to the insurance company, such as their group identification number. It’s even worse news for anyone who used Dominion National's online enrollment feature as, according to the company, those customers may also have had their bank account and routing number information compromised.

Dominion National’s Response to the Data Breach

Since the discovery, all affected individuals have been notified and offered two years’ membership to credit monitoring and identity theft protection services. Dominion National has since cleaned all affected servers and has enhanced its monitoring and alerting software. This is all fine and dandy, but after nine years, it may very well be too little too late for many people. According to the summary published on the HHS’ Office for Civil Rights Breach Portal, 2,964,778 plan members have had their PHI exposed.

Dominion National’s Liability

At the time of writing this, it’s unknown if Dominion National will be held legally accountable. It’s not even precisely known when the data breach was “actually” discovered. One has to imagine however, that a more strict adherence to HIPAA regulations could have softened or even outright prevented this disaster. What makes this data breach stand out from others is the sheer length of time that passed between the original hack and the alleged knowledge of said attack. It’s difficult to gauge how much damage has really been caused as a result. With so many people affected, it boggles the mind why this wasn’t discovered - and corrected - in a more timely manner.

If nothing else, it’s been an absolute public relations nightmare for this company. If you wish to avoid a similar scandal, you would do well to follow the common sense practices that have been put into writing. And despite the tone of today’s article, if you lack an understanding of those practices, we’re not here to shame you. We’re here to help you. Contact us today for a free, initial consultation, by phone at 800-733-6379 or by email at info@cchipaa.com