Dive Brief:

• Group 1001 said its member companies have fully restored operations following a ransomware attack on its information technology systems in February.
• The Feb. 9 attack disrupted operations at several member companies, including Delaware Life Insurance; Delaware Life Insurance Company of New York; Clear Spring Life and Annuity; Clear Spring Property and Casualty; and Clear Spring Health. 
• The company notified regulators and the FBI as well as hired outside forensics experts to help investigate the attack. An initial investigation found the attack was contained and no additional systems were impacted. The company also said it did not pay a ransom. 

Dive Insight:

“Some of our Group 1001 Insurance member companies experienced system interruptions caused by the existence of sophisticated ransomware on our information technology infrastructure,” a company spokesperson said in a statement. 

The company’s Gainbridge subsidiary was not affected by the incident.

Group 1001 proactively disconnected systems following the attack to protect additional systems from being affected.

Company officials worked with the outside forensics team to scan for indicators of compromise and remediated any identified IOCs. Officials then added a new layer of advanced endpoint detection and monitoring tools. 

The company plans to make additional enhancements to develop a more robust security posture.

The company did not provide any details of how many customers were impacted, however said it would contact affected parties once the investigation is completed. The spokesperson confirmed the investigation is ongoing. 

Group 1001 said it is now safe to conduct business through its website, call center and via email. 

AM Best's credit rating for Group 1001 remains unchanged and it believes the attack did not have a material impact on the company.