Zionsville-based Group 1001 reports ransomware attack

(Adobe Stock)

Zionsville-based insurance holding company Group 1001 Insurance Holdings LLC says all of its operating companies are back online following a ransomware attack, but it hasn’t publicly said how many individuals might have been impacted by that attack.

Group 1001 announced last week that several of its subsidiaries were back to “full functionality” following the Feb. 9 discovery of ransomware on the company’s IT infrastructure. The affected companies include Delaware Life Insurance Co., Delaware Life Insurance Co. of New York, Clear Spring Life and Annuity Co., Clear Spring Property and Casualty Co. and Clear Spring Health.

In response to an IBJ query, Group 1001 spokesman George Haj said via email that the company’s investigation into the breach is ongoing, “including determination of the types of information involved. Once we understand the scope, we will notify any impacted parties directly.”

Group 1001 is also the corporate parent of Gainbridge Insurance Agency LLC—the company whose name is on the Indiana Pacers’ fieldhouse—but Group 1001 did not name Gainbridge as having been affected by the ransomware attack.

Haj said Group 1001 discovered the breach when “some of our Group 1001 Insurance member companies experienced system interruptions caused by the existence of sophisticated ransomware on our information technology infrastructure.”

Group 1001 said that it launched an investigation, reported the breach to the FBI and disconnected the affected systems from its network to contain the threat.

The company said last week that it had fully resumed its normal operations and that it was once again safe to contact the company via email, its website portals and call centers.

In its own statement on Thursday, the insurance ratings agency AM Best said it has not changed the ratings of the affected Group 1001 subsidiaries because the disruptions caused by the ransomware attack have not been material to the companies’ credit profile.

“AM Best recognizes that the situation remains highly fluid and will continue to monitor developments,” the ratings agency said in a prepared statement.

Group 1001 said it has deployed additional endpoint detection and monitoring tools to improve security and visibility, and “there will be a number of other infrastructure enhancements to continuously strengthen the security posture of Group 1001’s network and systems in the days, months and years ahead.”

Group 1001 noted that it did not pay a ransom to the cyberattackers.

Please enable JavaScript to view this content.

Story Continues Below

Editor's note: You can comment on IBJ stories by signing in to your IBJ account. If you have not registered, please sign up for a free account now. Please note our updated comment policy that will govern how comments are moderated.