Delta Dental of Virginia Data Breach Affects 146,000 Individuals
Delta Dental of Virginia has notified almost 146,000 members about a security incident that may have exposed their protected health information, and Saint Mary’s Home of Erie in Pennsylvania is investigating a network security incident that exposed residents’ sensitive information.
Delta Dental of Virginia
Delta Dental of Virginia, the largest dental benefits carrier in the Commonwealth of Virginia, has notified 145,918* individuals about an April 2025 security incident that exposed some of their personal and protected health information.
Suspicious activity was identified within an employee’s email account on April 23, 2025. Independent cybersecurity experts were engaged to investigate the activity, and unauthorized access to the email account was confirmed. The account was first accessed by an unauthorized third party on March 21, 2025, and access remained possible until the account was secured on April 23, 2025. During that time, certain emails and attachments within the account may have been viewed or acquired.
The account was reviewed, and notification letters started to be mailed to the affected individuals on November 21, 2025. The information potentially stolen included first and last names, Social Security numbers, state or federal government ID numbers, driver’s license numbers, financial information, and protected health information such as medical and health insurance information.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Delta Dental of Virginia has implemented additional safeguards to improve email security, and further security awareness training has been provided to the workforce. Individuals whose Social Security numbers or driver’s license numbers were potentially compromised have been offered complimentary credit monitoring, dark web monitoring, and identity theft protection services for 12 months. Those services include a $1 million identity theft and fraud reimbursement insurance policy. Several law firms have announced that they have opened investigations into potential class action litigation over the data breach.
* The Department of Health and Human Services’ Office for Civil Rights breach portal has been updated and shows that the breach involved the protected health information of 126,953 individuals.
Saint Mary’s Home of Erie
Saint Mary’s Home of Erie (SMHE), a non-profit continuing care retirement community in Erie, Pennsylvania, has recently announced a data security incident that was identified on August 27, 2025, prior to SMHE being acquired by the Lake Erie College of Osteopathic Medicine (LECOM).
The forensic investigation confirmed that an unauthorized third party had access to its network from August 26, 2025, to August 28, 2025. Immediate action was taken to secure its network to prevent further unauthorized access, and an investigation was launched to determine the nature and scope of the incident. The investigation determined that files and folders on its network may have been accessible to unauthorized individuals. The review of those files is ongoing, and the exact types of data involved and the number of affected individuals have yet to be confirmed.
In the interim, the breach was reported to the HHS’ Office for Civil Rights as involving the protected health information of at least 501 individuals. The total will be updated when the review is concluded, and notification letters will be mailed to the affected individuals.
