Group 1001 Insurance Units Resume Full Operations after Ransomware Attack

March 1, 2023 - Group 1001, Inc. would like to provide an update to our stakeholders concerning recent system interruptions experienced by certain Group 1001 Insurance member companies, including Delaware Life Insurance Company, Delaware Life Insurance Company of New York, Clear Spring Life and Annuity Company, Clear Spring Property and Casualty Company, and our Clear Spring Health business. We are pleased to report that all of our companies are back to full functionality.

Incident Overview

  1. Beginning on February 9, 2023, we were alerted to the existence of sophisticated ransomware on our information technology infrastructure.
  2. We immediately launched an investigation to determine the full scope of the incident, and a team of third-party forensic experts was engaged to assist in the investigation, which is ongoing.
  3. Based on our investigation to date, our forensic experts have confirmed that the ransomware code deployed in our environment has been contained and will not spread to any other internal or external systems.
  4. We have alerted the FBI and will continue to provide information regarding the incident as they investigate.
  5. We did not pay a ransom.

Containment & Remediation

  1. We took immediate action by proactively disconnecting systems from our network to contain the threat and prevent additional systems from being affected.
  2. Along with our forensics experts, our team scanned systems for indicators of compromise and remediated any identified indicators of compromise.
  3. In addition, we deployed additional advanced endpoint detection and monitoring tools on our newly restored systems for an added layer of security and visibility across our network.
  4. All systems were validated as clean by conducting additional scans before they were brought back online.
  5. We have been, and continue to be, in communication with our regulators about this incident.
  6. There will be a number of other infrastructure enhancements to continuously strengthen the security posture of Group 1001’s network and systems in the days, months, and years ahead.


  1. While our investigation is ongoing, we are confident that the attack has now been successfully contained.
  2. We have fully resumed normal operations.
  3. The security of our information and that of our contract holders and other stakeholders is important to us. Once our investigation is complete, we will notify any impacted parties as appropriate.

We want to confirm that it is safe to conduct business with us and to communicate with us via e-mail, our website portals, and our call centers. We apologize for any inconvenience and genuinely appreciate your patience and understanding as we worked vigorously to fully restore our computer networks.

For further questions about this incident, please e-mail our incident response team at: [email protected]