Iowa Cyber Attacks

Infrastructure Affected

Public Safety
Government
Medical
Education
 
Back to Archive
Iowa.jpg
 

Public Safety

Muscatine County CAD system & law enforcement, & City of Muscatine, Muscatine County

Breach Type - Other, Ransomware

Muscatine Iowa Gov

  • A MUSCOM server, the City of Muscatine Shieldware, a Springbrook financial server, and other city servers encrypted by ransomware attack
  • City of Muscatine IT staff and other IT personnel worked to isolate ransomware and restore servers
  • Muscatine Police and federal authorities lead investigation
Read More
Muscatine Journal

  • Vulnerability potentially exposed system to bad actors
  • Every department shared a records management system and computer aided dispatch system, resulting in all county law enforcement being directly affected by the cyber attack
  • Connection between the jail and Public Safety Building shut down to prevent further damage
  • Officers could not access mobile computers in squad cars due to offline servers
  • The jail lost access to those systems, including the National Crime Information Center database
Read More

 
BACK TO TOP

Local Government

Des Moines International Airport website targeted in cyberattacks, Polk County

Breach Type – Hacking, DoS

Des Moines Register

  • “Des Moines International Airport was one of at least a dozen around the country whose websites were targeted by pro-Russian hackers Monday morning.”
  • ”Kovarna said the airport was open and that the outage on the website, which is housed on an off-site server, had no effect on operations. The website appeared to be back online around 10:15 a.m.”
  • “Pro-Russian hacking group Killnet targeted at least 14 airport websites Monday, according to CNN. The attacks were of the denial-of-service variety, where an attacker floods a target with fake traffic to overwhelm computer servers and knock them offline. Killnet claimed responsibility last week for disabling some U.S. state government websites, according to CNN.”
Read More

 
No Personal Data Lost in Cyberattack, but Job-Search Site Remains Down, State of Iowa

Breach Type – Unknown, Malware

Iowa Capital Dispatch

  • “The state of Iowa’s job-search website remains inoperative, more than two weeks after the system fell victim to a cyberattack. On June 26, the IowaWorks.gov website went down due to an apparent cyberattack aimed at Geographic Solutions Inc., or GSI…”
  • “According to IWD, the cyberattack has had no impact on the payment of unemployment benefits to Iowans, but has disrupted Iowans’ weekly submission of ongoing unemployment claims and impeded the job-search process for claimants.”
  • “The agency has said that in order to avoid any delays in processing unemployment benefits, it has implemented a method of bypassing the normal process of submitting claims.”
  • “IWD hopes its website will be back up in the near future, but currently there is “no firm timetable for restoring IowaWORKS.gov to public use,” Dougherty said.”
Read More

 
City of LeClaire paid $222,373 to email scammers posing as vendors, Scott County

Breach Type – Phishing, Other

Quad City Times

  • “In total, $222,373 in LeClaire city funds were directed to three fraudulent accounts through “cleverly disguised and modified emails that resembled legitimate emails from legitimate vendors,” interim City Administrator Ed Choate wrote in an email to the Quad-City Times.”
  • “LeClaire has recovered about $120,618, Choate said, by freezing the accounts. Choate said the city is continuing to work with the FBI, the city's bank, and its insurance carrier to recover and/or reach a settlement for the remaining about $102,000.”
  • “In two of the three situations, Choate said, the city discovered the cyber attack because the actual vendors contacted the city to alert officials that they hadn’t received payment. In the third case, the city clerk discovered the fraud and contacted the vendor.”
  • “The city installed multi-factor authentication and other security software applications, Choate said, to prevent email compromises in the future. And documents and training for ACH transactions, an automatic payment system, were implemented by the city with help from their financial institution and the Iowa Department of Management.”
Read More

 
City of West Des Moines, Polk County

Breach Type – Unknown, Malware

Who Radio

  • City networks and servers were compromised in cyberattack
  • Officials were forced to disable the network to prevent spread
  • Emergency services remained relatively unimpacted
Read More

 
City of Ames, Story County

Breach Type – Hacking, Data Breach

Gemini Advisory

  • Hackers exploited vulnerability in Superion’s Click2Gov Utility Bill Pay Systems affecting government entities across the U.S.
  • Over 20,000 records from eight cities in five different states have been offered for sale on the dark web
  • City of Broken Ames one of the eight cities impacted
Read More

 
City of Ames, Story County

Breach Type - Other, Data Breach

Ames Tribune

  • Vulnerability in Click2Gov systems causes potential breach at City of Ames
  • City of Ames’ parking ticket payment system affected & taken offline
  • After learning the system had been breached, the city followed protocol and replaced the web server
  • 4,600 customers’ financial information potentially at risk
Read More

 
Dyersville Deputy Clerk Email, City of Dyersville, Dubuque County

Breach Type - Phishing, Other

Dyersville Commercial

  • Dyersville Deputy Clerk fell victim to phishing scam
  • Malicious link lead to computer virus which sent mass spam email to city customers
  • City isolated the account, wiped the affected computer, & cleaned the system
Read More

 
City of Keokuk

Breach Type - Phishing

Tri States Public Radio

  • W2 phishing scheme targets city of Keokuk
  • Affected employees will be notified via mail
  • Will be offered free credit monitoring
Read More

 
State of Iowa Election Hacking

Breach Type - Hack

The Daily Nonpareil

  • State target of election hacking
  • Able to block hacking attempts
  • No data compromised or affected
Read More

 
Spencer Chamber of Commerce

Breach Type - Ransomware

Spencer Daily Reporter

  • Attack limited to chamber offices, not city offices
  • Computers operate off common server, all are affected
  • New hard drives ordered to transfer data
Read More

 
Woodbury County

Breach Type - Ransomware

Tech Talk

  • 3,700 files compromised
  • Nothing lost thanks to backup servers
  • Attack originated from email
Read More

 
BACK TO TOP

Medical

Iowa hospital discloses breach following Royal ransomware leak, Clarke County

Breach Type – Unknown, Ransomware

TechTarget

  • "Clarke County Hospital on Wednesday disclosed that it suffered a data breach, one month after the Royal ransomware gang claimed responsibility for the attack and used a brazen extortion tactic.”
  • ”Security researchers spotted the Iowa-based critical access hospital on the Royal ransomware data leak site, where it was first listed on April 24. Royal operators had reposted the Clarke County Hospital (CCH) listing and were actively leaking data that included an alleged video of a patient collapsing"
  • “CCH didn't acknowledge an attack until May 17, when it issued a data breach notification that the attack "may have exposed" personal information of current and former patients.”
  • ”In addition, CCH emphasized that electronic medical records, Social Security numbers, banking information, credit card information and financial information were not involved in the breach.”
  • ”The notification did not address the Royal ransomware claim or whether ransomware was involved at all, but it did disclose that the attack began on April 14 and forced CCH to shut off all network access. Status updates to CCH's Facebook page at the time confirmed the network disruption.”
Read More

 
Nationwide Data Breach Affects 20,800 Iowa Medicaid Members, Polk County

Breach Type – Hacking, Data Breach

KCIM 1380

  • "The Iowa Department of Health and Human Services (HHS) announced on Tuesday that a data breach at a third-party contractor affected around 20,800 Iowa Medicaid members.”
  • ”Independent Living Systems (ILS), a state-contracted company responsible for performing service assessments, detected the breach, which is believed to have occurred from June 30 to July 5, 2022."
  • “The breach led to the release of personal identifying information, including full names, Medicaid details, and other sensitive data.”
Read More

 
Univ. of Iowa Hospitals website possibly hit by cyberattack, Johnson County

Breach Type – Hacking, DoS


 
Cyberattacks Reported by Wolfe Clinic, Reiter Affiliated Companies, & SERV Behavioral Health System, Polk County

Breach Type – Unknown, Data Breach

Yahoo! News

  • “Wolfe Clinic, P.C in Iowa has recently confirmed that it was affected by the data breach at the electronic medical record provider, Eye Care Leaders. The attack exposed the protected health information of 542,776 current and former Wolfe Clinic patients."
  • “Wolfe Clinic used the myCare Integrity medical records platform, which was accessed by an unauthorized party on or around December 4, 2021, who deleted databases and system configuration files. A forensic investigation of the security incident was conducted but the deletion of files meant there was a lack of forensic evidence, so it was not possible to determine whether the PHI of Wolfe Clinic patients was accessed or acquired in the attack. Wolfe Clinic said names, addresses, birth dates, Social Security numbers, diagnostic information, and health insurance information were potentially compromised.”
  • "At the time of issuing notifications, Wolfe Clinic had not received any reports of identity theft and fraud related to the Eye Care Leaders data breach. Affected individuals have been offered 12 months of complimentary credit monitoring and identity theft protection services.”
  • ”The Eye Care Leaders data breach is known to have affected at least 40 eye care providers and resulted in the exposure of the PHI of at least 3.6 million patients.?
Read More

 
MCG Health Data Security Breach, Jefferson County

Breach Type – Hacking, Data Breach

Jefferson County Health Center

  • "MCG Health, a contracted third-party that provides patient care guidelines to JCHC, recently reported to us they experienced a data security breach. This breach did not affect JCHC computer systems. However, because patient information is shared with MCG in the course of delivering care, some JCHC patients are affected by their breach."
  • “MCG Health determined on March, 25, 2022, that an unauthorized party obtained personal information that matched data stored on their systems. The personal information may include some or all of the following list: name, Social Security number, medical codes, postal addresses, telephone numbers, email addresses, dates of birth, and gender."
  • "Affected patients will be receiving letters from MCG regarding this security breach. As part of their response, MCG is offering those affected two years of identity protection and credit monitoring at no cost. If you are affected and wish to receive this free monitoring"
Read More

 
Ottumwa dental office experiences data breach, Wapello County

Breach Type – Unknown, Ransomware

Ottumwa Courier

  • "The result of a data breach at an Ottumwa dental office could have exposed patient information."
  • "On Nov, 22, 2020, the office of Gregory P. Vannucci, a dental provider and oral surgeon, detected a network security incident affecting his practice. An unauthorized third-party accessed the network and encrypted the practice’s data. the office shut off all access to the network and engaged a cybersecurity firm to investigate the extent of incident."
  • "Through the investigation, it was determined that certain patient information could have been compromised by an unauthorized third party."
  • "There was no evidence that individual information was specifically accessed for misuse, the office notified all individuals via mail whose personal information may have been compromised. It is possible that the following information could have been exposed to the unauthorized third party: first and last name, dental treatment information, and a very small number of social security numbers."
Read More

 
Thousands of patients exposed after phishing attack on Iowa hospital, Wayne County

Breach Type – Phishing, Data Breach

Becker Hospital Review

  • "Wayne County Hospital began notifying 2,016 patients that their data may have been exposed after hackers launched a phishing attack on its employee emails."
  • "On March 22, the hospital learned it was the victim of a phishing attack. The hospital took steps to secure its network and launched an investigation with a third-party cybersecurity firm"
  • "Email accounts contained some patients' names, Social Security numbers, financial account information, medical-related information and more."
  • "The hospital said it's working to figure out how the breach occurred and taking steps to prevent a similar situation from occurring again."
Read More

 
Peoples Community Health Clinic Issues Notice of Data Security Incident, Hawk County

Breach Type – Unknown, Data Breach

PR Newswire

  • On March 22, 2021, PCHC became aware of suspicious activity related to an employee's email account. Following this, PCHC promptly launched an investigation with the assistance of third-party forensic specialists to assess the security of its systems and the nature and scope of this incident."
  • -"This investigation determined that an unauthorized individual gained access to one PCHC email account between March 18, 2021 and March 22, 2021 but could not confirm what specific information within this account may have been actually accessed by the unauthorized individual."
  • "While the specific data elements vary for each potentially affected individual, the scope of information potentially involved includes: name; address; Social Security number; date of birth; driver's license number or state identification number; medical diagnosis/medical treatment information; health insurance information; payment card number; or card CVV/expiration date."
Read More
Mercy Iowa City Hospitals, Johnson County

Breach Type – Hacking, Data Breach

Becker's Hospital Review

  • Bad actor gained access to employee email account for over 1 month
  • Spam and phishing emails were sent using the account
  • Personal health information, including patient names and SSNs, were likely compromised
Read More

 
UnityPoint Health, Polk County

Breach Type – Unknown, Ransomware

KCCI 8 News

  • Healthcare provider contacted roughly 27,000 following cyberattack on vendor
  • Over 3 million healthcare entities had information accessed from vendor database
  • Information included names, addresses, dates of birth, and dates of service among others
Read More

 
Monroe County Hospital & Clinics, Monroe County

Breach Type – Phishing, Data Breach

Des Moines Register

  • Bad actors used phishing in data breach cyberattack
  • Over 7,000 patients had information leaked
  • Healthcare center notified affected patients via email
Read More

 
Graceland University, Decatur County

Breach Type - Phishing, Data Breach

Bleeping Computer

  • Hackers gained access to employee emails on two separate occasions
  • Private information was compromised as unauthorized users had access to previous interactions within that account
  • Sensitive information such private social security numbers, payment information, date of birth, full name and more was exposed
Read More

 
Southern Hills Eye Care, Woodbury County Iowa

Breach Type - Unknown, Ransomware

Data Breaches

  • An investigation was prompted after the office had been attacked by ransomware
  • Hackers may have gained access to sensitive patient information leaving it compromised
  • There is no evidence patient information was truly compromised but the office has made attempts to stop events like this in the future
Read More

 
Jones Eye Clinic, Woodbury County

Breach Type - Ransomware

Sioux City Journal

  • Ransomware attack hits Jones Eye Clinic
  • Breach may have impacted patients registered during specific time frame
  • Computer systems immediately restored using backup information
Read More

 
UnityPoint Health, Polk Co., Dallas Co., Warren Co.

Breach Type - Phishing, Data Breach

Des Moines Register

  • Hackers create sophisticated phishing scheme to gain access to UnityPoint Health system
  • Intruders may have accessed private medical information
  • UnityPoint implementing stronger cyber defenses to prevent future attacks
Read More
Becker's Hospital Review

  • This long spanning attack caused the health system to notify affected patients of attack
  • Over 16,000 Patients were affected in the first wave but 1.4 million were affected in second breach
  • The information leak has lead to a lawsuit regarding the health system's failure to contact exposed victims and failure to communicate what was exposed
Read More

 
UnityPoint Health

Breach Type - Phishing

DataBreaches

  • UnityPoint notified patients its email system fell victim to a phishing attack
  • Acted to secure the affected accounts & hired a forensic investigator to analyze data at risk
  • Personal information potentially accessed/misused, including financial information for some patients
Read More

 
Primary Health Care, Inc.

Breach Type - Hack

PR Newswire

  • Employee email account compromised
  • Primary Health Care launched investigation to analyze information at risk
  • As a precaution, notified potentially affected individuals
  • No evidence of misuse of information exists
Read More

 
Waverly Health Center

Breach Type - Ransomware

KWAY Radio

  • Waverly health experiences ransomware attack
  • Working to restore systems without paying ransom
  • Manual documentation by employees to ensure patient care continues
Read More

 
Iowa City’s Mercy Hospital

Breach Type - Hack

Daily-Iowan

  • Cyber extortion possibly occurred on Jan. 26th, 2016
  • Mercy began an internal investigation
  • Hired a leading forensics firm to help secure information
Read More

 
BACK TO TOP

Education

Des Moines Public Schools cancels Tuesday classes after cybersecurity attack, Polk County

Breach Type – Unknown, DOS

Des Moines Register

  • "Des Moines Public Schools has canceled all classes for Tuesday after officials took the district's internet and network offline Monday morning following what they described as "unusual activity" that was later determined to be an apparent cybersecurity attack.”
  • “The district issued an announcement Monday afternoon saying offices will be open but staff may be working remotely and services limited. Athletics and activities are currently scheduled to take place, the district said.”
  • “At this time, the matter is being investigated by our IT staff and consultants," said Phil Roeder, Des Moines schools' spokesperson told the Des Moines Register. "Access to the internet, wifi, and various networked systems, at school buildings and district offices, will be either offline or intermittent throughout the day." “Des Moines Public Schools is just one of a number of Iowa schools and organizations that have dealt with cybersecurity attacks in recent years including the Des Moines Area Community College in 2021 and MercyOne facilities following the cybersecurity breach at CommonSpirit Health in mid-October.”
Read More

 
Hacker claims to have Davenport schools data, threatens release, Scott County

Breach Type – Hacking, Data Breach

Sioux City Journal

  • “It appears possible that a recent cyber attack on the Davenport School District resulted in the theft of a large collection of student and other district data."
  • ”A data-extortion group is claiming to have stolen information from the Davenport district and is threatening to publicly release it, writing in a recent online post, "In this release we will show you 845 GB of their data, which include a giant, massive array of student's (sic) personal information ..." The post by "Karakurt" indicates a deadline of Oct. 31 for the district to meet its demands, though the post does not reveal the terms of a possible ransom demand.”
  • “The district's email system this week has been experiencing disruptions, suggesting internal communications about the possible threat could not reach staff.”
Read More

 
Leaked image shows ransomware attack hit Linn-Mar School District, Linn County

Breach Type – Unknown, Ransomware

Data Breaches

  • “Leaked screenshots show the Linn-Mar School District is dealing with a ransomware attack much more severe than the “technical difficulties” the district has described to staff and parents."
  • “A staff member shared with TV9 screenshots from district computers showing a warning message stating “all your files have been encrypted by Vice Society”."
  • "The warning goes on to threaten to upload those files to the dark web unless the user contacts them to purchase a key within 7 days. The notice does not give the cost of that key."
Read More

 
Union Community School District Victim of File Dump on Dark Web

Breach Type – Unknown, Ransomware

DataBreaches.net

  • The district experienced a cyberattack prior to April 19... But now that the threat actors have dumped thousands of files with employees’ and students’ personal information on the dark web
  • The threat actors do not indicate in the listing when they first attacked the district or contacted them with any ransom demand, but on May 28, the threat actors updated their listing of April 19 and dumped thousands of files. They also posted a list of every computer on the district’s network
  • The file dump, compromising almost 2 GB of compressed files, contained numerous files with personal and personnel information on former and current employees as well as personal information on current and former students
  • Files with employees’ personal addresses, phone numbers, name of spouse or partner, and their birthday were also in the dump, as were salary schedules with employees’ rate of pay, date of hire, Social Security numbers, and other types of certification data and expiration dates
  • Student-related files include lists of all students in every class and grade, but also some disciplinary incidents involving named students. There were also files with named students and Student Reporting in Iowa (SRI) information, and thousands of transcripts of students who graduated between 2003 and 2019
Read More

 
Charles City Schools, Floyd County

Breach Type – Unknown, Data Breach

Mail Tribune

  • Student health information likely compromised
  • Third party vendor's systems were hit
  • Names, Medicaid information, dates of birth among leaked info
Read More

 
Timberline billing services, Polk County

Breach Type – Unknown, Data Breach

The Oskaloosa Herald

  • Contractor has experienced a data security incident that resulted a breach of personal student information
  • According to press release breach to not involve access to internal systems or student records
  • Some of the files contained information concerning current and former students’ personal information
Read More

 
Graceland University, Decatur County

Breach Type - Phishing, Data Breach

Bleeping Computer

  • Hackers were able to gain access to email accounts on several different accounts
  • Private information may have been accessed including information of persons who interacted with the accounts over several years
  • Some of the private information may have contained social security numbers, full names, birthdays, salaries, family information, and more
Read More

 
Johnston School District

Breach Type - Hack

Des Moines Register

  • "Dark Overlord" hacking group accessed & exposed personal information of young Johnston students
  • Hackers contacted students' parents, sending threatening text messages
  • Parents concerned about security of sensitive data on Johnston School servers
  • Local authorities and federal investigators working to resolve security incident
Read More

 
University of Iowa

Breach Type - Phishing

Daily Iowan

  • University of Iowa students targeted in phishing attacks
  • Hacker compromises student account & sends 200 fraudulent emails
  • Hacker used email to pose as university employee
  • University working to implement additional security measures
Read More

 
University of Iowa

Breach Type - Hack

DataBreaches

  • Investigated multiple cheating incidents caused by hacking
  • Advised campus community to change University account passwords
  • Notified 250 University staff members hackers accessed their credentials
Read More

 

BACK TO TOP