The Nevada Division of Insurance remains offline after a ransomware attack forced multiple state agency systems to shut down on Aug. 24. Officials said the state will notify impacted individuals if personal information is found compromised, as required under Nevada law.
The Nevada Office of Emergency Management (OEM) said teams isolated affected systems to contain the threat, with restoration occurring in stages.
While investigators continue to assess the breach, OEM confirmed that some data was exfiltrated from the state’s network, according to BestWire.
Officials confirmed that “sophisticated, ransomware-based” attackers managed to exfiltrate data from the state’s network, though they haven’t yet disclosed the nature of the stolen information.
Governor Joe Lombardo addressed the public, emphasizing there’s no current evidence that DMV, financial systems, or benefits programs like SNAP, TANF, or Medicaid were compromised — though the assessment remains preliminary.
Despite the severity of the outage, critical services continued: emergency dispatch operated uninterrupted, payroll and school payments proceeded smoothly, and unemployment claims, Medicaid, and public employee benefits remained functional.
Yet, state employees were placed on administrative leave as front-facing offices shuttered; many began returning to work as systems gradually came back online.
Federal partners—including CISA and the FBI—are actively assisting with forensic analysis and system validation, reinforcing the recovery efforts with threat intelligence and oversight.
Governor Lombardo cautions that full transparency must be balanced against security concerns, but pledged that updates will follow as soon as it’s safe to share more details.
Nevada’s response underscores a lengthy recovery timeline. Though officials cited IBM studies suggesting weeks to months are typical, they report the state is ahead of that curve—but admit uncertainty remains over when all systems will be fully functional.
Despite the outage, core services continue to operate. Medicaid programs, health benefits for public employees, and provider payments remain active, according to OEM.
For insurance operations, third-party licensing and company processes remain intact, but intake has slowed. Product filings can still be submitted through SERFF, and consumers may file paper complaints at Carson City and Las Vegas offices.
Agencies are restoring services in phases—DMV branches reopened early September, offering vehicle registrations and title transfers in person, and even driver’s licenses by early Friday, while all associated late fees are being waived.
The Department of Business and Industry, which oversees the division, is working with limited systems.
Executive staff are reachable by email, though some phone lines remain disrupted. OEM directed media requests to the governor’s office, which has not yet commented.
The incident follows a summer wave of ransomware disruptions across the insurance sector. In June, Erie Insurance, Philadelphia Insurance Cos., and First Insurance Co. of Hawaii all had to disconnect systems after cyberthreats, with recovery stretching into weeks.
This attack marks one of the first known instances of a cyberstrike that virtually shuts down nearly all arms of a U.S. state government—a widespread disruption that cybersecurity experts describe as unprecedented in scale.
Legacy infrastructure and outdated, interconnected systems may have accelerated the spread, highlighting vulnerabilities many states still face.
Ransomware attacks are on the rise in the United States and local counties are scrambling to keep their cyber systems insured.
For those who lack cyber protection, the price can be both costly and time-consuming.
- Cyber insurance does more than provide cover for ransoms: Cyber insurance may also cover a range of first- and third-party losses incurred by victims of ransomware (e.g. business interruption, data and system recovery, forensics and legal assistance), as well as arrange expert support in managing incidents. Insurance also helps organisations identify and address cybersecurity vulnerabilities and adopt better risk prevention in a fast-changing landscape.
- Banning ransom payments would be a blunt, potentially ineffective policy instrument: An outright ban on the payment of ransoms or their reimbursement by re/insurers could backfire by driving transactions underground and encouraging ransomware attackers to engage in new, more malicious forms of extortion.
- Governments and regulators must do more to counter ransomware attacks: Public policies should be aimed at deterring ransomware attacks, disrupting cybercriminals’ business models and illicit use of cryptocurrencies, and better preparing organisations for intrusion.
