Iowa Total Care vendor reports a Data Security Incident
A vendor notified Iowa Total Care (ITC) that they were a victim of a criminal ransomware attack. An unauthorized actor gained access to the vendor’s systems after sending a phishing email on April 6, 2020 that impersonated a client. The vendor discovered it on April 11, 2020 and notified Centene/Iowa Total Care. This incident may have affected a few of ITC’s members. The information accessed by the unauthorized actor may have been the name and one or more of the following: treatment information, health insurance account information, member ID, other health-related information, email addresses, phone numbers, physical addresses, or social security number. The information did not include financial information.
ITC is committed to protecting the security and confidentiality of member information and worked closely with the vendor and corporate partners to investigate the incident. The vendor immediately retained a leading cybersecurity forensics firm to help conduct a thorough investigation of the incident. The vendor also reported the incident to, and is working closely with, the appropriate law enforcement authorities, including the FBI. In addition, to help prevent a similar type of incident from occurring in the future, the vendor has implemented additional security protocols designed to protect our network, email environment, systems, and personal information. Centene/ITC will continue to work with the vendor to monitor the implementation and effectiveness of these new controls.
At this point, ITC is not aware of any fraud or misuse of any personal information due to the incident. Identified members were sent notifications in the mail. Members should review their explanation of benefits (EOB) from the health plan. If any services are identified as not received, contact the plan immediately. Otherwise, for questions, please feel free to contact ITC’s Member Services at 1-833-404-1061.
If a member suspects their identity has been stolen at any point, they should contact their local enforcement officials, or call the Attorney General’s Consumer Protection Division at 515.281.5926, or toll-free at 1.888.777.4590. Members can also write to the Consumer Protection Division, 1305 E. Walnut Street #110, Des Moines, Iowa 50319. For information on preventing and dealing with identify theft, go to www.IowaAttorneyGeneral.gov and click on “For Consumers” at the bottom of the page. Please also see www.PrivacyRights.org and www.ftc.gov/idtheft.