Cyber Incident Victim: NYSARC Columbia County Chapter
Date:
Jul 2022
Location:
United States of America
Summary
NYSARC Columbia County Chapter experienced a ransomware attack that triggered immediate containment efforts, including system disconnection and engagement of cybersecurity professionals alongside law enforcement. The ongoing investigation suggests potential exposure of sensitive personal information, such as names, addresses, social security numbers, dates of birth, state identification numbers, and limited health data belonging to clients. While specific data categories impacted per individual remain unconfirmed pending the investigation's completion, the organization plans to issue tailored notifications once affected parties are identified.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 19, 2022, NYSARC Columbia County Chapter (NYSARC) detected irregular activity on their systems consistent with a ransomware attack. The organization responded immediately by initiating remediation efforts, which included disconnecting affected systems to contain the incident. NYSARC engaged external data security and privacy experts to assist with the investigation and recovery process while simultaneously notifying law enforcement authorities about the breach. Due to the complexity of the attack, the forensic investigation remained ongoing at the time of their public disclosure, preventing definitive conclusions about the full scope and nature of compromised data. The organization opted to issue a precautionary notice despite the incomplete investigation, acknowledging the possibility that sensitive personal information might have been accessed or exfiltrated during the incident.
Based on NYSARC's standard data collection and retention practices, the potentially affected information categories included names, addresses, dates of birth, Social Security numbers, and other state identification numbers. Limited health information related to clients might also have been impacted, though the organization emphasized that not all data categories applied uniformly to every individual. Specific details about which data elements were actually compromised remained undetermined as the investigation continued, with no confirmation yet about which individuals were affected or the precise scope of data exposure. NYSARC committed to mailing individualized notification letters to affected parties once the investigation conclusively identified impacted persons and data types. The organization maintained ongoing coordination with cybersecurity professionals and law enforcement throughout the response process while working to restore normal operations following system disconnections implemented during containment. No further details about the ransomware variant, threat actors, or ransom demands were disclosed in the initial public statement.