AM Best Comments on Credit Ratings of Certain Group 1001 Insurance Holdings, LLC
Subsidiaries Following Ransomware Attack
FOR IMMEDIATE RELEASE
CONTACTS: Erik Miller, CFA Christopher Sharkey
Director Manager, Public Relations
+1 908 439 2200, ext. 5187 +1 908 439 2200, ext. 5159
[email protected] [email protected]
Michael Lagomarsino, CFA, FRM Al Slavin
Senior Director Senior Public Relations Specialist
+1 908 439 2200, ext. 5810 +1 908 439 2200, ext. 5098
[email protected] [email protected]
AM Best Comments on Credit Ratings of Certain Group 1001 Insurance Holdings, LLC Subsidiaries Following Ransomware Attack
OLDWICK, N.J., March 2, 2023—AM Best
has commented that the Credit Ratings (ratings) of certain Group 1001 Insurance Holdings, LLC’s rated subsidiaries remain unchanged following the parent company’s disclosure that it sustained a cybersecurity attack that caused a network disruption and impacted certain systems.
According to the company, the following subsidiaries experienced system interruptions but are now back to full functionality: Delaware Life Insurance Company, Delaware Life Insurance Company of New York, Clear Spring Life and Annuity Company and Clear Spring Property and Casualty Company.
AM Best was notified of a cyber security ransomware attack that occurred against Group 1001 beginning in early February. Group 1001 has engaged with law enforcement and regulatory agencies following the attack. Group 1001 did not pay the ransomware and believes all systems have been cleaned and validated. Currently, Group 1001 believes the impact to business interruption was minimal and currently day-to-day operations have resumed as normal.
AM Best currently believes that the disruption caused by the ransomware attack has not reached a level that is material to the credit profile of the enterprise. AM Best recognizes that the situation remains highly fluid and will continue to monitor developments.
This press release relates to Credit Ratings that have been published on AM Best’s website. For all rating information relating to the release and pertinent disclosures, including details of the office responsible for issuing each of the individual ratings referenced in this release, please see AM Best’s Recent Rating Activity
web page. For additional information regarding the use and limitations of Credit Rating opinions, please view Guide to Best's Credit Ratings.
For information on the proper use of Best’s Credit
Ratings, Best’s Performance Assessments, Best’s Preliminary Credit Assessments and AM Best press releases, please view Guide to Proper Use of Best’s Ratings & Assessments.
AM Best is a global credit rating agency, news publisher and data analytics provider specializing in the insurance industry. Headquartered in the United States, the company does business in over 100 countries with regional offices in London, Amsterdam, Dubai, Hong Kong, Singapore and Mexico City. For more information, visit www.ambest.com.
Copyright © 2023 by A.M. Best Rating Services, Inc. and/or its affiliates. ALL RIGHTS RESERVED.
Group 1001 Insurance Units Resume Full Operations after Ransomware Attack
UPDATE TO RECENT SYSTEM INTERRUPTIONS:
March 1, 2023 - Group 1001, Inc. would like to provide an update to our stakeholders concerning recent system interruptions experienced by certain Group 1001 Insurance member companies, including Delaware Life Insurance Company, Delaware Life Insurance Company of New York, Clear Spring Life and Annuity Company, Clear Spring Property and Casualty Company, and our Clear Spring Health business. We are pleased to report that all of our companies are back to full functionality.
Containment & Remediation
- Beginning on February 9, 2023, we were alerted to the existence of sophisticated ransomware on our information technology infrastructure.
- We immediately launched an investigation to determine the full scope of the incident, and a team of third-party forensic experts was engaged to assist in the investigation, which is ongoing.
- Based on our investigation to date, our forensic experts have confirmed that the ransomware code deployed in our environment has been contained and will not spread to any other internal or external systems.
- We have alerted the FBI and will continue to provide information regarding the incident as they investigate.
- We did not pay a ransom.
- We took immediate action by proactively disconnecting systems from our network to contain the threat and prevent additional systems from being affected.
- Along with our forensics experts, our team scanned systems for indicators of compromise and remediated any identified indicators of compromise.
- In addition, we deployed additional advanced endpoint detection and monitoring tools on our newly restored systems for an added layer of security and visibility across our network.
- All systems were validated as clean by conducting additional scans before they were brought back online.
- We have been, and continue to be, in communication with our regulators about this incident.
- There will be a number of other infrastructure enhancements to continuously strengthen the security posture of Group 1001’s network and systems in the days, months, and years ahead.
- While our investigation is ongoing, we are confident that the attack has now been successfully contained.
- We have fully resumed normal operations.
- The security of our information and that of our contract holders and other stakeholders is important to us. Once our investigation is complete, we will notify any impacted parties as appropriate.
We want to confirm that it is safe to conduct business with us and to communicate with us via e-mail, our website portals, and our call centers. We apologize for any inconvenience and genuinely appreciate your patience and understanding as we worked vigorously to fully restore our computer networks.
For further questions about this incident, please e-mail our incident response team at: [email protected]