Cyber Incident Victim: Technology Management Resources, Inc.
Date:
Oct 2021
Location:
United States of America
Summary
Technology Management Resources, a lockbox service provider, experienced unauthorized access to its systems impacting client data across multiple incidents. An initial compromise involved a breached employee account enabling threat actors to view check images and protected health information processed for clients over an extended period. Following remediation efforts, a subsequent incident occurred when anomalous activity was detected in another user account, potentially exposing customer payment details and personal information handled for a different client via bank lockbox services. The provider disabled affected accounts, reset credentials, and implemented firewall restrictions in response, though questions remained about the effectiveness of corrective measures after the recurrence. The incidents led to notifications by impacted clients and law enforcement involvement, with no public clarification from the provider on whether the breaches were distinct or related.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On October 14, 2021, Technology Management Resources, Inc. (TMR), a third-party lockbox service provider for IberiaBank, identified unauthorized activity involving a user account within its lockbox application. TMR promptly disabled the compromised account upon determining the activity was unauthorized. The incident impacted StrongPhySynergy, LLC, which utilized IberiaBank’s lockbox services managed by TMR to process customer and patient payments. PhySynergy was notified of the breach by TMR on January 5, 2022, over two months after detection, and subsequently disclosed the event publicly on March 4, 2022. The breach potentially exposed personal information and payment data from checks processed through the lockbox service, though the exact scope of accessed records was not detailed in available disclosures. TMR initiated an investigation but did not publicly confirm whether forensic evidence clarified the attacker’s entry vector, duration of access, or specific data exfiltrated.
This incident followed a prior security event disclosed by TMR in 2020 involving IntelliRad, another client. In that case, TMR discovered on July 3, 2020, that an employee’s iRemit account had been compromised, with threat actor activity occurring intermittently from August 5, 2018, to May 31, 2020. IntelliRad received notification on August 21, 2020. TMR’s investigation at that time indicated attackers potentially viewed check images and protected health information (PHI). In response, TMR reset credentials, deactivated compromised accounts, implemented firewall restrictions to block foreign access attempts, and notified the FBI. No confirmation was provided regarding whether these measures remained effective or were updated prior to the October 2021 breach. Following the 2021 incident, PhySynergy’s notification did not specify any additional corrective actions taken by TMR, and TMR did not respond to media inquiries about whether the two incidents represented separate attacks or a persistent intrusion, nor did they disclose any post-2021 security enhancements.