Cyber Incident Victim: Technology Management Resources, Inc.
Date:
Aug 2018
Location:
United States of America
Summary
A compromised employee account at third-party lockbox provider Technology Management Resources (TMR) exposed payment processing data for Arkansas Methodist Medical Center patients over an extended period. The threat actor accessed check images and billing documents containing names, addresses, bank account details, and medical account numbers through TMR's iRemit application. TMR secured the breached account, initiated an investigation with cybersecurity experts, implemented firewall restrictions to limit foreign access, and notified law enforcement. While the incident did not directly involve AMMC's or IBERIABANK's internal systems, financial and protected health information was potentially viewed during the unauthorized access period. Corrective measures included credential resets and enhanced security controls to prevent recurrence.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The incident involving Technology Management Resources, Inc. (TMR) began with the compromise of a TMR employee’s user account, discovered by TMR on July 3, 2020. TMR served as a third-party lockbox service provider for IBERIABANK, which managed payment processing for Arkansas Methodist Medical Center (AMMC). The threat actor’s unauthorized access occurred over an extended period, spanning from August 5, 2018, to May 31, 2020, with the majority of activity concentrated between February and May 2020. TMR’s investigation, conducted with external cybersecurity professionals, determined that the attacker potentially viewed images within TMR’s iRemit application containing Protected Health Information (PHI) and financial data related to AMMC patients. These images included personal checks and billing statements, exposing names, addresses, checking account numbers, routing numbers, and AMMC account numbers. AMMC was notified of the breach on August 24, 2020, over a month after TMR’s discovery, and initiated efforts to gather details for customer notifications. TMR reported the incident to the FBI, though no further details regarding law enforcement involvement were disclosed in the available source material.
Upon identifying the breach, TMR secured the compromised account and reset or deactivated affected credentials. The company implemented firewall enhancements to restrict international access to the iRemit website and took unspecified additional steps to prevent recurrence. IBERIABANK, though not directly implicated in the security failure, offered affected individuals complimentary credit monitoring and identity theft protection services through CyberScout as a "professional courtesy." AMMC directed potentially impacted customers to a dedicated toll-free helpline for verification and additional information but emphasized that its own systems and IBERIABANK’s infrastructure remained uncompromised. The breach’s two-year duration before detection raised concerns about the scope of exposed data, though no specific number of affected individuals or evidence of data misuse was confirmed in the notification. AMMC advised vigilance in monitoring financial and insurance statements for suspicious activity, consistent with standard post-breach guidance, but did not disclose whether TMR faced regulatory penalties or further operational disruptions as a result of the incident.