Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

OneTouchPoint Discloses Data Breach Impacting Over 30 Healthcare Firms

Mailing and printing services vendor OneTouchPoint has disclosed a data breach impacting more than 30 healthcare providers and health insurance carriers.

Headquartered in Hartland, Wisconsin, OneTouchPoint offers print, marketing execution and supply chain management services to organizations in the healthcare sector.

Mailing and printing services vendor OneTouchPoint has disclosed a data breach impacting more than 30 healthcare providers and health insurance carriers.

Headquartered in Hartland, Wisconsin, OneTouchPoint offers print, marketing execution and supply chain management services to organizations in the healthcare sector.

The company revealed this week that it recently fell victim to a ransomware attack that has resulted in the compromise of personally identifiable information (PII) stored on its systems.

OneTouchPoint says it found encrypted files on some of its systems on April 28 and immediately started investigating the incident. It later discovered that the attackers had accessed its network on April 27, but could not determine which files the attackers had accessed within its network.

The company says it later determined that the compromised systems contained PII provided by its customers, including names, addresses, birth dates, date of service, description of service, diagnosis codes, information provided as part of a health assessment, and member ID.

For one customer, Social Security numbers were also included in the compromised information.

OneTouchPoint also notes that it has been working with its customers to identify the individuals whose information might have been impacted and that it has started sending out data breach notifications on behalf of impacted customers.

In a data breach notice on its website, OneTouchPoint lists 34 healthcare insurance carriers and healthcare services providers that have been impacted, but the number appears to be larger.

At least two other entities – Arkansas Blue Cross and Blue Shield and Blue Shield of California Promise Health Plan – have sent data breach notifications after learning that their subcontractor, Matrix Medical Network, was impacted by the OneTouchPoint ransomware attack.

It is yet unclear how many individuals might have been impacted in the incident.

OneTouchPoint hasn’t shared information on the type of ransomware that was used in the attack.

Related: US: North Korean Hackers Targeting Healthcare Sector With Maui Ransomware

Related: Healthcare Technology Provider Omnicell Discloses Ransomware Attack

Related: Associated Eye Care Discloses Impact From 2020 Netgain Ransomware Attack

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Cybercrime

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.

Cybercrime

The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.

Cybercrime

A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.

Cybercrime

Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack