Cyber Incident Victim: Indian Creek Foundation
Date: Feb 2021
Location: United States of America
Summary
Indian Creek Foundation experienced a ransomware attack that encrypted portions of its network, leading to potential unauthorized access or removal of sensitive data. The organization promptly isolated affected systems, initiated an investigation with third-party forensic specialists, and conducted an extensive review to identify impacted individuals and data types, which included names, Social Security numbers, driver’s licenses, health insurance details, medical treatment information, and financial account data. Federal law enforcement and regulatory authorities were notified, and the foundation implemented enhanced security measures while offering complimentary credit monitoring and identity restoration services to affected individuals.
Description
On February 6, 2021, Indian Creek Foundation (ICF) discovered that malware had encrypted portions of its computer network. The organization, which provides services to 1,200 individuals with intellectual disabilities and autism, immediately took affected systems offline and initiated containment measures. ICF engaged third-party forensic specialists to investigate the incident’s nature and scope, confirming that unauthorized access to or removal of certain folders from its systems occurred on the same date. A comprehensive review of potentially impacted folders commenced to identify affected information and individuals. By April 15, 2021, ICF enlisted a third-party firm to conduct programmatic and manual reviews of the data, while simultaneously performing internal database examinations. On July 14, 2021, ICF first determined that protected information related to individuals was present in the compromised folders. The organization continued reconciling records until August 24, 2021, when it finalized the scope of impacted individuals and associated data types.

The compromised systems contained varying combinations of sensitive information including names, Social Security numbers, driver’s license numbers, health insurance details, medical treatment/diagnosis records, and financial account information. ICF notified federal law enforcement and relevant regulatory authorities following the investigation. The organization implemented enhanced security policies, procedures, and safeguards to prevent recurrence. Affected individuals received notifications after August 24, 2021, with ICF offering complimentary credit monitoring and identity restoration services. A dedicated assistance line and email address were established for inquiries, alongside mailed notifications to the Souderton, Pennsylvania address. ICF advised vigilance through monitoring account statements, explanation of benefits, and credit reports for suspicious activity. No evidence of actual misuse of the exposed data was reported in the notification.
