Cyber Incident Victim: Family Tree Relief Nursery

In June 2018, unauthorized individuals gained access to the computer systems of Family Tree Relief Nursery, an Albany-based nonprofit organization. The breach persisted through August 2018, culminating in a ransomware attack that encrypted the organization's systems in late August. This malicious software temporarily prevented staff members from accessing critical client information stored on compromised computers. The intrusion remained undetected until the ransomware activation disrupted operations. Executive Director Renee Smith publicly disclosed the incident after forensic investigation confirmed both the unauthorized access period and the ransomware event. On November 15, 2018, the organization initiated notification procedures by mailing letters to approximately 2,000 affected clients whose information resided on the breached systems.

The ransomware attack caused operational disruption by blocking staff access to client records essential for daily service delivery. While the specific data types accessed weren't detailed, Smith advised impacted individuals to review their health records, billing statements, and financial account activities for discrepancies. Clients were also encouraged to monitor credit reports for unusual activity indicating potential misuse of personal information. Family Tree established a dedicated toll-free call center (888-299-1145) to address client inquiries about the breach. No information was provided regarding ransom payment, data recovery methods, or whether law enforcement was involved in the investigation. The organization's public disclosure occurred nearly three months after resolving the immediate ransomware encryption incident.