Dover-based Delaware Guidance Services for Children and Youth is notifying about 50,000 parents and guardians that their child’s data was impacted during a December ransomware attack.
On December 25, DGS discovered ransomware on its data servers, which encrypted patient records that “could not be opened.” Officials said they were “required” to pay the ransom in exchange for the decryption key to unlock the files.
The files stored on the server contained patient names, Social Security numbers, medical data, addresses, and birth dates. DGS hired an external IT team to conduct a forensics analysis to determine if records were accessed or exfiltrated and found no evidence of compromise.
“We nonetheless thought it prudent to advise you of this situation, as we are keenly aware of how important your personal information is to you,” officials said in a statement.
DGS will also provide those patients with a year of free credit monitoring and reporting services. Law enforcement was also contacted.
The notice did not explain why the provider did not restore the files from backups, nor how much was paid in ransom. The FBI, the Department of Health and Human Services, and the majority of security leaders all stress that it’s important not to pay ransoms to hackers.
Most recently, Columbia Surgical Specialists of Spokane reported they paid the hackers about $14,000 during a ransomware attack so they could “immediately begin proceed unlocking the data.” Officials said they were concerned for patient care, as there were surgeries planned just hours after the attack.
Joel DeCapua, Supervisory Special Agent in the FBI’s Cyber Crimes Division, recently told security firm Symantec: “First of all, that money is then used to proliferate this activity. You’re paying these bad actors to target other people. Second, organizations that pay a ransom think their problems are over.”
“But a lot of times there’s a lot of nasty malware left on their systems that they don’t know about,” he added. “You can pay, but there’s still malware on there, re-infecting the system or stealing information.”