NCH Corporation based in Irving, TX, a global marketer of maintenance products, submitted a report concerning an alleged ransomware attack. The company detected suspicious network activity inside its networks on March 5, 2021, that made some systems inaccessible.
NCH took steps to prohibit further unauthorized access and re-establish its systems. Based on the investigation, the attackers possessed access to some areas of its network from March 2 to March 5, 2021 and in that period there was an unauthorized access to selected files kept on its file servers. It wasn’t possible to determine which files the attacker accessed, therefore notifications were sent to all persons who had their data potentially exposed. The analysis of the files was finished on June 29, 2021. The files included the names of selected present and past workers and their dependents, together with driver’s license numbers and Social Security numbers.
The provider sent notification letters on July 29, 2021 and impacted individuals received credit monitoring and identity theft protection services for free.
The submitted breach report to the HHS’ Office for Civil Rights included the fact that around 11,427 people were impacted.
Renaissance Life & Health Insurance Co. Members Impacted by Ransomware Attack at a Business Associate
A vendor employed by Renaissance Life & Health Insurance Co. has encountered a ransomware attack wherein the protected health information (PHI) of a number of its members was likely breached.
Renaissance Life & Health Insurance utilized Secure Administrative Solutions (SAS) as a provider of claims processing services. SAS discovered abnormal activity inside its IT system on April 15, 2021, and promptly started an investigation. On May 25, 2021, SAS found out that some data might have been extracted from its IT systems, such as names, addresses, agent license numbers and Social Security numbers.
The attackers got access to its IT networks from March 15 to April 15, 2021. Although SAS didn’t state in its breach notifications the nature of the attack, Renaissance Life & Health stated ransomware was used and SAS had gotten promises that data stolen from the attack were deleted by the attacker, meaning the company likely paid the ransom. SAS also mentioned in its notification letter about the restoration of data from secured backups.
SAS additionally explained it performed an organization-wide global password reset, applied more strict password difficulty specifications, and given all users with another PC and training on upgraded network security practices and guidelines.
Impacted people got offers of credit monitoring and identity theft protection services for free for one year.