For companies subject to the New York Department of Financial Services (NYDFS) Cybersecurity Regulation, the agency’s recent settlement with Delta Dental Insurance Company and Delta Dental of New York, Inc. (collectively, Delta Dental) serves as a reminder that gaps in data governance and incident reporting can carry significant enforcement consequences. The NYDFS imposed a $2.25‑million fine on Delta Dental after alleging it failed to maintain required data retention controls and to timely report a breach. This article examines key aspects of the consent order and offers practical compliance lessons, drawing on insights from experts, including former NYDFS officials, at Clifford Chance, Crowell & Moring, Mayer Brown and Pillsbury. See “Practical Compliance Implications From NYDFS’ Healthplex Settlement” (Sep. 17, 2025).