Serviceteam IT Security News

An Iowa medical billing and reimbursements services company is boosting its cybersecurity after suffering a ransomware attack.

An unknown threat actor hit Timberline Billing Service LLC with malware between February 12 and March 4, 2020. After gaining access to the company’s network, the attacker encrypted files and removed information.

Timberline said it was unable to determine precisely what data was exfiltrated, but a review of the files that could have been accessed concluded that current and former students in schools served by the company may have been impacted.

Timberline, which is based in Des Moines, provides services to around 190 schools in Iowa. The security incident was reported to the Department of Health and Human Services’ Office for Civil Rights as a data breach affecting up to 116,131 individuals.

Data accessed by the attacker may have included students’ names, dates of birth, Medicaid identification number, and related billing information. 

Social Security numbers may also have been accessed in what Timberline described as “very limited instances.”

Iowa City Community School District leaders said the ransomware attack “did not involve any access to District’s internal systems or student records.”

Timberline started contacting students in Iowa on October 20 to notify them of “a privacy incident that may have involved some of their information.”

While the company says it hasn’t yet unearthed any instances of student data being misused, Timberline is offering all students impacted by the incident free credit monitoring and identity protection services. 

A toll-free call center has been established by Timberline to support impacted students and their parents. 

Company officials said action was being taken to improve Timberline’s security systems to prevent a similar attack from happening in the future. Among the steps being implemented were firewall and server upgrades, migrating school and student data to a cloud location, resetting all user passwords, and requiring frequent password rotations.

Other Iowa organizations impacted by malware this year include UnityPoint Health and Iowa State Foundation, both of which suffered a data breach when their third-party vendor Blackbaud was attacked with ransomware in May.

Source: Infosecurity Magazine

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!