NIBTT closed to assess Boxing Day ransomware attack

The National Insurance Board issued a public statement acknowledging a ransomware attack on the state agency’s digital infrastructure.

The statement reads…

The public is advised that ALL offices of the National Insurance Board of Trinidad and Tobago (NIBTT) will be closed from Wednesday 27th to Friday 29th December 2023.

The company is currently assessing our systems after having experienced a ransomware attack on Tuesday 26th December 2023.
All steps are being taken to protect our data integrity and technology hardware. We are also continuing to diligently work with our external technology partners to expeditiously resolve this matter.

The NIBTT has reported the incident to the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) under the Ministry of National Security, and we are working with this team toward a resolution.

The NIB has not clarified the scope of the attack or the extent to which its services will be affected by the security breach. The NIB provides a range of services, including pension assessments and payments, death benefits and insurance to cover loss of earnings, to an estimated 634,381 customers in Trinidad and Tobago.

The NIB was empowered by the proclamation of TT’s Act No. 35 of 1971. The state agency has been facing a growing imbalance between the revenue it brings in through employment contributions and the payments it is committed to make to its insured customers. According to the NIBTT website, the agency’s chairman is Mervyn M. De Souza and its executive director is Lennox R.H. Paul.

In February 2022, the company told NewsdayTT that it was in the procurement phase of a planned digital transformation effort.

In the Second Report of the Joint Select Committee on Local Authorities, Service Commissions and Statutory Authorities, laid in the House of Representatives on November 24, 2021, the NIBTT stated its cybersecurity posture as follows…

The NIBTT uses the following systems and processes to safeguard information submitted digitally or via the internet…
 
1) Up to date software. The NIBTT operates, as far as possible, systems that are updated with software provider security patches. In instances where patches cannot be installed due to operations requirements, further safety measures have been put in place.
 
2) Thumb drive restrictions. The use of thumb drives and other portable media across the organisation that increase the likelihood of the introduction of malware and cyber security threats has been restricted across the organisation.
 
3) Restricted Internet Access. The NIBTT uses internet filtering. Internet access is available to defined persons within the organisation who require access to perform their duties. Access to the internet is managed and restricts access to defined categories of sites. 
 
4) Password and rights management. Complex passwords are required to access NIBTT systems that are changed every 30 days.
 
5) Rights Management. The NIBTT uses the least rights first principle, whereby a user is given the minimum levels of access – or permissions – needed to perform his/her job function. Access control is audited annually.
 
6) Managed Wifi Access. Wifi access is separated into two independent networks, one for guests and another for employees of the NIBTT.
 
7) End Point Protection. A centrally managed end point protection system is used to manage the download and deployment of up-to-date security patches on the network.
 
8) Firewall. The NIBTT firewall operates the current version of firmware and is patched in line with vendor specification. Logs are periodically reviewed to identify trends and threats to the organisation.
 
9) Awareness Programmes. Security awareness programmes are designed to keep staff informed and advise on how to respond and report peculiar incidents for investigation.
 
10) Backup and Restore Procedures. The NIBTT conducts routine backups which are stored both on-premise and offsite. This back-up and restore process is capable of meeting RTO and RPO objectives – a vital measure in the event that data is wiped or locked by malware. 
 
11) Annual penetration testing. This testing is conducted to assess vulnerabilities.

Updated, December 28. NIBTT issued a new statement regarding the cyberattack on its computers.

Under the headline “The NIBTT engages local and international cyber security experts in response to ransomware attack,” the state agency said…

The National Insurance Board of Trinidad and Tobago (NIBTT) confirms that it is currently experiencing disruption to its usual operations resulting from a ransomware attack on Tuesday 26th December, 2023.

The incident was reported to the Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) under the Ministry of National Security, and the Ministry of Digital Transformation. Additionally, the NIBTT has engaged the services of local and international cybersecurity experts to spearhead the discovery and assessment to mitigate risk.

The organisation notes that all scheduled commitments have been completed for December 2023 and anticipates that all future commitments for January 2024 will be honoured.

Customers with confirmed appointments during the three-day temporary closure will be facilitated with a new appointment during January 2024.

The NIBTT will resume all operations on a phased basis from January 2024, the details of which will be confirmed in subsequent communication.
