
Erie Insurance and Philadelphia Insurance Still Recovering From Separate Attacks

Statements by Erie Indemnity Co. and Philadelphia Insurance Companies indicate that voluntary decisions to disconnect their systems from the network – not ransomware encryption – have disrupted operations over the past 10 days as the carriers have been hit with separate cyberattacks.
Both are continuing to warn customers of potential email and phone scams tied to their incidents.
Erie Indemnity – which does business as Erie Insurance – had filed a report to the U.S. Securities and Exchange Commission on June 11 telling regulators it was dealing with a cyber incident discovered on June 7 (see: Erie Insurance Tells SEC It is Responding to Cyber Incident).
The company, in its latest public update about the incident on Tuesday, said it continues to “work around the clock to restore access for customers, agents and employees.”
“At this time, we have control of our systems,” Erie Insurance said. “We have seen no evidence of ransomware, and there’s no indication of ongoing threat actor activity,” the company said.
“Upon detecting unauthorized activity, we took immediate action to contain the issue and have since implemented additional security measures to further strengthen our systems.”

Erie Insurance is also continuing to warn its customers about potential phone and email scams related to the incident.
“We encourage customers to follow best practices around personal security and notify their financial institutions of any unusual activity,” Erie said. “During this outage, Erie Insurance won’t contact customers by phone or email to request payments. As always, don’t click on any links from unknown sources or share your personal information via phone or email.”
While the company’s “protective actions” are ongoing, Erie Insurance’s local agents, claims and customer care teams are continuing to serve customers, the statement said.
As of Thursday, at least two proposed federal class action lawsuits had been filed against Erie Insurance involving the hack.
Similarly, Philadelphia Insurance Companies – which also includes Tokio Marine America and First Insurance Company of Hawaii – also said in an update Tuesday that it’s working to restore full functionality following its recent network outage.

“Late on Monday, June 9, our IT security team received an alert regarding suspicious activity on our network,” Philadelphia Insurance said.
“In response, we chose to disconnect the network to contain the threat. The network shutdown caused a disruption to our operations, which we’re in the process of resolving. We have reported the incident to law enforcement and have engaged third-party forensic experts to assist us,” the company said. No systems were encrypted in the incident. “This was not a ransomware event,” the company said.
“The network shutdown broadly impacted all company systems, including email, phone and online applications. The network shutdown was necessary to contain the threat and protect company systems and data,” Philadelphia Insurance said.
A forensic investigation is ongoing, including to determine if customer data was accessed, Philadelphia Insurance said.
“At this point, all of our systems have been secured and we’re working to restore full functionality. Our claims hotlines remain available, and our customer service centers are resuming operations.”
Like Erie Insurance, Philadelphia Insurance is also warning customers of potential scam phone calls and emails. “As a precaution, we’re reminding all customers to exercise caution when receiving any unsolicited emails or phone calls asking for personal information. Customers should not click on links from unknown sources.”
Customers that receive suspicious calls or other correspondence are urged to not provide any information and to contact Philadelphia Insurance’s customer service staff.
“The company is already taking steps to further strengthen its defenses and reduce the risk of future threats,” Philadelphia Insurance said.
Attack Trends
The two companies’ statements that so far neither Erie Insurance nor Philadelphia Insurance has found evidence of ransomware encryption suggest the attacks instead potentially involved data theft, some experts said.
“The possibility of data exfiltration remains a concern, as threat actors can leverage stolen data for various malicious activities,” said Peter McMurtrie, a partner in consulting firm West Monroe’s insurance practice.
But presently, the exact motives of the cybercriminals are unknown, said Keith Fricke, partner and principal consultant at tw-Security. “They may have intended to exfiltrate data for purposes of extortion. They could have also been interested in stealing data for identity theft purposes or sold the information to another criminal element,” he said.
“Insurance companies have a rich set of data criminals can use for identity theft, medical identity theft, email addresses, possibly credit card data and other helpful information,” he said.
In any case, the potential number of individuals affected could be in the millions, given the size of both insurance companies and the vast amount of sensitive data they manage, McMurtrie said.
By focusing on data exfiltration, cybercriminals can achieve similar, if not greater, leverage and profitability with less technical effort than ransomware encryption and a lower risk of detection or disruption, McMurtrie said.
“That said, I would caution against overstating the decline of ransomware encryption. It remains a highly profitable tactic for many threat actors. The shift towards data exfiltration is an adaptation and an additional tactic within the evolving landscape of cybercrime.”
In the cyberattack on health insurer UnitedHealth Group in February 2024, attackers deployed ransomware on the systems of UHG’s IT services unit Change Healthcare. The company took more than 100 systems offline to contain the spread of malware, resulting in an outage that lasted for several months.
That incident also involved data exfiltration, resulting in the largest reported health data breach to date – affecting 190 million individuals.
Steps to Take
To be better prepared for such incidents, insurance companies should ensure they have well-defined incident response and business continuity plans in place, McMurtrie said.
“These plans should be communicated clearly across the organization and tested regularly,” he said. “Real-world incidents like what happened with Erie and Philadelphia Insurance can serve as excellent scenarios to test the quality of plans to address both potential breaches and ensure preparation for an extended period of system downtime.”
Defenses against falling victim to these types of incidents “comes down to all the final security block and – preventative measures,” Fricke said.
That includes email and web filtering; endpoint protection against malicious software; ensuring sensitive data are encrypted; maintaining current security patches on operating systems, databases and applications; detective measures such as event log collection and analysis; around the clock monitoring and alerting on suspicious activity, he said.
Organizations should periodically rehearse incident response plans, back up data regularly and test restores, and provide consistent education and awareness for the workforce on how to identify suspicious activity, spot and report phishing emails and understand security and privacy policies, Fricke said.
“Events like these reinforce the importance of regularly testing and running scenarios – something organizations should be doing continuously,” McMurtrie said.