The Nevada Division of Insurance website and several other state agency systems were taken offline after a ransomware incident was identified on Aug. 24.
The Office of Emergency Management (OEM) reported that teams isolated and shut down certain systems to contain the threat, and restoration efforts are ongoing in phases to ensure security.
The OEM stated that the incident is under investigation, with confirmation that some data was moved outside the state’s network. Authorities are working to determine the extent of the data involved. If personal information is found to be affected, the state will notify impacted individuals in accordance with Nevada law.
Despite the outage in Nevada, the OEM reported that health programs remain operational. Medicaid and public employee benefits are being processed, and payments to providers are continuing.
The Division of Insurance is providing limited services during the outage. The OEM noted that third-party licensing and company processes are not affected, but there may be delays in intake.
Product compliance filings can still be submitted through the System for Electronic Rate and Form Filing (SERFF), and consumers are able to submit paper complaints in person at the division’s Carson City and Las Vegas offices.
The Nevada Department of Business and Industry, which oversees the insurance regulator, is serving the public based on available resources and systems. The OEM said that the director’s office executive staff can be reached via email, though some phone systems are experiencing disruptions.
Cyberattacks against the insurance industry
The insurance industry has seen a series of cyberattacks this year, highlighting the broader risk environment. In June, Aflac, one of the largest insurance companies in the United States, reported a breach in which hackers potentially accessed Social Security numbers, insurance claims, and health information.
That same month, Erie Insurance and Philadelphia Insurance Companies also experienced cyber incidents that disrupted IT systems and customer service. These attacks were linked to the same cybercrime group targeting Aflac, and investigators noted the use of social engineering tactics to gain network access.
Last month, Farmers Insurance also disclosed that more than 1 million customers were affected by a data breach involving a third-party vendor. The breach exposed names, dates of birth, driver’s license numbers, and partial Social Security numbers.