Iowa

In January 2023, Fortra LLC, a cybersecurity organization that contracts with Community Health Systems Incorporated, experienced a data breach incident. They moved to take their systems offline, and CHSPSC began an investigation that would determine the overall effect on affiliate personal information. The investigation found that personal information belonging to their patients, some employees, and others could have been exposed to the unauthorized party. That is, names, medical billing, insurance data, diagnoses, demographic information, and Social Security numbers. Fortra deleted the unauthorized party's accounts and access points. CHSPSC also alerted all affected individuals and posted the notification on its website. CHSPSC also made credit monitoring and ID restorations available for those affected.

In November 2022, O'Neal Industries realized an unauthorized party accessed the network using sophisticated malware, evading all its firewalls. The company reviewed the files affected by the incident and issued a notice to those impacted. It was determined that 892 people were affected because of the breach. Information related to personnel data, Social Security, and employment identification numbers were revealed. It also worked with external cybersecurity experts to implement additional safeguards for hardening the computer network. Other remediation measures at the time were password resets, server hardening, password rotations, and security configuration updates. ONI also provided enrollment in credit monitoring and identity theft protection for those affected.

In July 2022, Linn Mar came across unusual activity within their systems. They disconnected the systems and started an investigation to ascertain the scope of the incident. Linn-Mar also contacted law enforcement authorities concerning the data breach event. The investigation showed that an unauthorized party accessed particular systems and operated in them between July 26 and August 1, 2022. There was no evidence of misappropriation of personal information, but there was no way to rule out access to current and former employee data within the systems. Linn Mar also undertook an intensive process to determine the potentially exposed information. Linn Mar also issued a written notice to 5,698 residents. They provided credit monitoring options to those affected for 12 months through IDX, as well.

TBK Bank became aware of a data breach that occurred between December 1st and 6th, 2021. This involved unauthorized access to employee email accounts. After discovering the event, the bank investigated and secured the email account. The investigation could not ascertain the emails and attachments that might have been accessed. TBK also reviewed all emails and attachments within the employee account to assess if any personal customer data was exposed. From the investigation, it was determined that 3,027 residents had their information revealed. The data included names, Social Security numbers, passport numbers, driver's licenses, and other financial account details.

Osceola County became aware that employee accounts were accessed between February 10th and 27th, 2020. They immediately secured accounts and began a prompt investigation into the matter. The county also worked with third-party cybersecurity officials to assess the information compromised within the accounts. Though it did not have a reason to believe that personal information was accessed, Osceola County determined that some email accounts had personal information like full names, Social Security numbers, passport numbers, bank account data, driver's licenses, and credit card data. It also provided written notifications to all who were affected by the incident. Osceola County also offered credit monitoring and identity protection services to the impacted personnel.