OneTouchPoint, Inc.
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
OneTouchPoint, Inc. Data Breach Overview
OneTouchPoint, Inc., a Wisconsin-based mailing and printing vendor, experienced a significant ransomware attack that has affected a large number of individuals and organizations. The breach was initially reported to have impacted 1.1 million individuals, but the victim count has since increased to 2,651,396 individuals[1]. The attack was discovered on April 28, 2022, when files on OneTouchPoint’s systems were found to be encrypted. The company’s servers were compromised on April 27, 2022, and sensitive data was accessed[1].
Details of the Breach
The compromised data included sensitive information such as names, healthcare member IDs, and information provided during health assessments. Other breached data included subscriber ID numbers, diagnoses, medications, addresses, dates of birth, sexes, physician demographics information, family histories, social histories, allergies, vitals, immunizations, and more[1][6]. For one customer, Social Security numbers were also included in the compromised information[5].
Affected Parties
At least 34 organizations have been known to be affected by the breach, including major healthcare providers and insurers such as Blue Shield of California Promise Health plan, Kaiser Permanente, Geisinger, Health First, UPMC Health Plan, Humana, Aetna ACE, Anthem Inc, and other Blue Cross Blue Shield affiliates[1]. The breach has been reported as one of the biggest health data breaches in 2022, with OneTouchPoint being a significant service provider to healthcare organizations[2].
Response and Legal Actions
OneTouchPoint has notified certain individuals about the breach on behalf of some of its customers, while others have chosen to issue notifications themselves[1]. The company has stated that it is unaware of any misuse of the compromised information, and some affected customers have offered credit monitoring and identity theft protection services to their members[1]. At least one class action lawsuit has been filed against OneTouchPoint over the data breach[1][7][9][11].
Importance of the Breach
The OneTouchPoint data breach is significant due to the large number of accounts accessed and the sensitivity of the information involved. It underscores the growing threat of ransomware attacks on healthcare organizations and the importance of robust cybersecurity measures[3]. The breach also highlights the need for third-party risk management in healthcare, as the compromised data was in the hands of a service provider[13].
Recommendations for Affected Individuals
For those affected by the breach, it is recommended to carefully review breach notices, enroll in any free credit monitoring services offered, change passwords and security questions for online accounts, regularly review account statements, monitor credit reports, and consider placing a fraud alert with credit bureaus[7].
In summary, the OneTouchPoint data breach has had a significant impact on millions of individuals and numerous healthcare organizations, leading to legal actions and raising concerns about cybersecurity in the healthcare sector.
Citations:
- https://www.hipaajournal.com/onetouchpoint-ransomware-victim-count-increases-to-2-65-million/
- https://www.chiefhealthcareexecutive.com/view/the-11-biggest-health-data-breaches-in-2022
- https://www.idstrong.com/sentinel/onetouchpoints-data-breach/
- https://wausaupilotandreview.com/2023/08/05/the-biggest-health-care-data-breaches-you-should-know-about-in-wisconsin/
- https://www.securityweek.com/onetouchpoint-discloses-data-breach-impacting-over-30-healthcare-firms/
- https://therecord.media/at-least-34-healthcare-orgs-affected-by-alleged-ransomware-attack-on-onetouchpoint
- https://www.turkestrauss.com/2022/08/08/onetouchpoint-data-breach-investigation/
- https://www.hipaajournal.com/july-2022-healthcare-data-breach-report/
- https://www.classaction.org/news/onetouchpoint-facing-class-action-over-april-2022-data-breach-affecting-1m-consumers
- https://www.bankinfosecurity.com/printing-vendors-breach-tally-soars-to-nearly-27-million-a-19933
- https://topclassactions.com/lawsuit-settlements/privacy/data-breach/onetouchpoint-data-breach-class-actions-allege-cyberattack-affected-over-1m-patients/
- https://www.hipaajournal.com/editorial-lessons-from-biggest-hipaa-breaches-of-2022/
- https://healthitsecurity.com/news/additional-orgs-report-aftermath-of-onetouchpoint-data-breach
- https://www.doj.nh.gov/consumer/security-breaches/documents/caresource-onetouchpoint-20220803.pdf