Ransomware Attack on Medical Billing Company

  • An Iowa clinical billing and reimbursements solutions company is boosting its cybersecurity soon after struggling a ransomware attack.

    An unfamiliar danger actor hit Timberline Billing Service LLC with malware among February 12 and March 4, 2020. Right after gaining obtain to the company’s network, the attacker encrypted files and removed information and facts.

    Timberline mentioned it was not able to establish precisely what details was exfiltrated, but a evaluation of the information that could have been accessed concluded that latest and former students in schools served by the organization may perhaps have been impacted.

    Timberline, which is based in Des Moines, provides providers to all-around 190 educational facilities in Iowa. The security incident was noted to the Department of Health and Human Services’ Office for Civil Rights as a knowledge breach impacting up to 116,131 individuals.

    Facts accessed by the attacker may possibly have included students’ names, dates of beginning, Medicaid identification amount, and linked billing data.

    Social Security numbers may perhaps also have been accessed in what Timberline explained as “pretty restricted situations.”

    Iowa City Group College District leaders said the ransomware attack “did not include any accessibility to District’s inside systems or scholar documents.”

    Timberline started off speaking to pupils in Iowa on October 20 to notify them of “a privacy incident that may have associated some of their data.”

    Though the corporation states it hasn’t however unearthed any cases of student data being misused, Timberline is providing all pupils impacted by the incident free credit score checking and id safety providers.

    A toll-cost-free call middle has been founded by Timberline to aid impacted college students and their mom and dad.

    Enterprise officers claimed motion was staying taken to boost Timberline’s security methods to stop a related attack from taking place in the potential. Among the the ways currently being applied were firewall and server upgrades, migrating faculty and pupil information to a cloud locale, resetting all person passwords, and requiring frequent password rotations.

    Other Iowa companies impacted by malware this year include UnityPoint Health and Iowa State Foundation, equally of which suffered a data breach when their third-bash vendor Blackbaud was attacked with ransomware in Might.