DataBreaches.net has previously noted a breach involving a Medicaid billing service that school districts use. Timberline Billing Service, LLC has not responded to this site’s inquiries (yet). Today, this site also reached out to College Community School District, one of the almost 200 Iowa school district that use Timberline. No reply has been received from them as yet. The following is part of their press release of October 23:
College Community School District announced today that it recently learned of an incident experienced by its billing services provider, Timberline Billing Company, LLC (“Timberline”), which may affect the security of certain personal and protected health information belonging to certain current and former College Community School District students. Timberline assists approximately 190 school districts throughout the state, including College Community School District, with processing Medicaid claims relating to healthcare services provided to students. College Community School District has sent notification of this incident to potentially impacted individuals and is providing resources to assist them.
Timberline informed College Community School District that after noticing suspicious activity on its systems on March 5, 2020, Timberline launched an investigation to determine the nature and scope of the suspicious activities. Working with outside computer forensics specialists, Timberline determined that an unknown actor accessed the Timberline network between February 12, 2020 and March 4, 2020, and removed certain information from the Timberline network; however, the investigation was unable to determine which specific information was actually removed.
Timberline undertook a comprehensive and time-intensive review of all files that could have been impacted and notified College Community School District that certain protected health information and/or personal information that was present in files that may have been subject to unauthorized access belonged to current and former College Community School District students. The information potentially accessed by the unauthorized actor includes: name, Date of Birth, Medicaid Identification number, billing and claims information, support service code and identification number, medical record number, treatment information, medical information regarding diagnoses and symptoms.
Currently, there is no evidence of the misuse of any information potentially involved in this incident. Yet out of an abundance of caution, notice of this incident was sent to the potentially impacted individuals on October 20, 2020. In addition to informing potentially impacted individuals about the incident, the notification letter includes steps that potentially impacted individuals can take to protect their information and offers these individuals access to complimentary credit monitoring and identity theft restoration services. College Community School District recommends that individuals enroll in the services provided and follow the recommendations contained within the notification letter to ensure their information is protected.
Timberline has informed College Community School District that, to date, Timberline is unaware of any actual misuse of personal information relating to this event. Nevertheless, Timberline has reported this incident to law enforcement and is also reporting this incident to certain regulatory authorities, as required.
“The privacy and security of our students’ information is of the utmost importance to College Community School District,” said Chief Financial Officer Angie Morrison. “Once we were notified about the incident, we immediately contacted Timberline and assembled a response team, including legal counsel specializing in cyber and data security incidents. Through this team, notifications have been sent to individuals who potentially may have been impacted and we will work closely with them to provide assistance. We will continue to focus on our students’ privacy and strive to maintain the trust of our community. We deeply regret any worry this incident causes and we thank our community for its support.”
Timberline has established a dedicated assistance line for individuals seeking additional information regarding this incident. Individuals seeking additional information may call the toll-free assistance line at 1(844) 439-7669. This toll-free line is available from 8:00 a.m. to 10:00 p.m. CT, Monday through Friday and 10:00 a.m. to 7:00 p.m. CT Saturdays and Sundays, excluding U.S. holidays. Individuals seeking to contact College Community School District directly may also write to us at 401 76th Avenue SW, Cedar Rapids, IA 52404 or email CFO Angie Morrison with questions at: [email protected].
SOURCE College Community School District