Delaware Guidance pays ransom to get its records back

Register now

A Wilmington-based provider of social and behavioral health services contends it paid a digital ransom to unlock records encrypted by ransomware.

Delaware Guidance Services executives say the December 2018 attack affected its data servers, encrypting records that could not be opened.

To secure release, the organization paid an undisclosed amount of ransom and received a de-encryption key that unlocked the records.

“We engaged an information technology firm to review our systems and conduct a forensic analysis to help us determine whether any of our records have been improperly accessed or used by an unauthorized individual,” the organization told its 50,000 affected clients. “While there is no indication that data has been compromised, we nonetheless thought it prudent to advise you of this situation, as we are keenly aware of how important your personal information is to you.”

Also See: 600,000 affected by huge data breach in Michigan

Delaware Guidance Services is offering affected individuals one year of credit monitoring and reporting services from MyIDCare, which is being administered through IDExperts to watch for and report unusual credit activity, such as creation of new accounts in patients’ names.

Patients also were told that if they suspect they are victims of identity theft, to notify applicable financial institutions and police, and also submit a complaint with the Federal Trade Commission. The organization further explained how patients can contact the three credit rating agencies and request they place a security freeze or fraud alert on their credit files, as well as getting free credit reports from the agencies. “Checking your credit reports periodically can help you spot problems and address them quickly,” Delaware Guidance Services advised.

“We sincerely apologize and regret that this situation has occurred, the organization concluded. Delaware Guidance Services is committed to providing quality care, including protecting your personal information, and we want to assure you that we have policies and procedures to protect your privacy.”

For reprint and licensing requests for this article, click here.