A medical billing company in Iowa, USA, is stepping up its cybersecurity after being attacked by ransomware. A hacker, whose identity remains unknown, "infected" Timberline Billing Service LLC with malware between February 12 and March 4, 2020. After acquiring access on the company network, the attacker encrypted archives and stole date and its information.
Timberline said it could not immediately determine exactly which data was stolen. However, after reviewing the files that the attacker could access, the company found that current and former students in schools served by it, may have been affected by the ransomware attack.
Des Moines-based Timberline provides services to approximately 190 schools in Iowa. The security incident was reported to the Civil Rights Office of the Ministry of Health and Human Services as data breach which affected about 120.000 people.
Data that the attacker gained access to may be included student names, dates of birth, social security numbers, Medicaid ID and billing information.
Its leaders Iowa School District stated that during the ransomware attack the attacker did not have access to the interior systems of the area or in student files.
Timberline began contacting students in Iowa on Oct. 20 to alert them to an "incident confidentialityWhich may disclose some of their personal information.
While the company said it has not detected any misuse of student data so far, it is providing free credit tracking and identity protection services to all students affected by the incident. In addition, the company has set up a toll-free call center to provide support for students and their parents.
Company officials said they had taken the necessary steps to improve its security systems to prevent a similar attack in the future. Measures include firewall and upgrades server, the relocation of school and student data to one in cloud service, reset all user passwords, and frequently change passwords.
According to Infosecurity Magazine, other Iowa health organizations were affected by malware this year. Indicatively, UnityPoint Health and the Iowa State Foundation report data breaches as a result of ransomware attacks Blackbaud in May, which affected numerous organizations around the world.