[BreachExchange] IOWA-BASED BUSINESS ASSOCIATE SUFFERS BREACH IMPACTING MORE THAN 115K

[Destry Winant]

https://www.healthleadersmedia.com/technology/iowa-based-business-associate-suffers-breach-impacting-more-115k

Timberline later determined that an unknown actor accessed its network
between February 12 and March 4, deployed ransomware, encrypted
certain files, and removed information from the network.

A version of this article was first published November 17, 2020, by
HCPro's Revenue Cycle Advisor, a sibling publication to HealthLeaders.

Timberline Billing Service LLC, a third party that provides Medicaid
reimbursement billing services to 190 school districts in Iowa,
reported a security incident October 30 that affected 116,131
individuals, according to the Office for Civil Rights (OCR) breach
report.

According to the security notice posted on the Lewis Central Community
Schools website, Timberline noticed suspicious activity on its network
impacting certain servers and systems on March 5.

Timberline later determined that an unknown actor accessed its network
between February 12 and March 4, deployed ransomware, encrypted
certain files, and removed information from the network.

Timberline’s investigation determined the following information may
have been accessed:

- Billing or claims information
- Date of birth
- Name and Medicaid ID number
- Treatment information
- Support service code and identification number
- Social Security number

Following its investigation, Timberline reported the incident to Lewis
Central Community School District on September 2. Timberline also
reported the incident to law enforcement, according to the security
notice.

Timberline is taking steps to improve the security of its systems,
including upgrading all servers and firewalls, resetting all user
passwords and requiring frequent password rotations, and migrating
school and student data to a cloud location.