Delaware Guidance Services acknowledges ransomware incident, notifies 50,000 parents and guardians

• The non-profit organization sent letters to parents affected in the ransomware attack it suffered in December last year.
• The letter also mentions that the organization paid a ransom to recover important records which were encrypted.

Delaware Guidance Services (DGS), a charitable organization which offers mental health services for children and youth, has issued letters to around 50,000 parents and guardians notifying them of a ransomware incident.

DGS was hit by the attack back on December 25, 2018. Patient records containing personal information were locked as a result of the encryption performed by the ransomware.

Worth noting

• The personal information impacted includes names, addresses, date of birth, social security number and medical information.
• The letter mentions that DGS was required to pay a ransom in exchange for a decryption key to recover the records.
• DGS employed an IT security firm to investigate the attack and conclued that there were no indicators of any data compromise.
• The organization has promised to provide free credit monitoring and reporting services for one year to those affected by the attack.
• DGS has partnered with IDExperts to offer this credit monitoring service.

Reason for paying ransom not listed

DGS did not disclose why it chose to pay the ransom nor offer more information on the nature of the attack. The letter merely acknowledged the security incident and mentions details on a surface level. Only further investigation can reveal the cause of the attack in depth.

Finally, the organization has advised all its members to review their financial and credit reports for any suspicious activity and has also put out a helpline to report these activities.