+1 206 446 0600 umv@merysolsecurity.com

OneTouchPoint Ransomware

OneTouchPoint Ransomware Victim Count Increases to 2.65 Million

Posted By HIPAA Journal on Sep 1, 2022

 The number of individuals affected by the ransomware attack on the Hartland, WI-based mailing and printing vendor, OneTouchPoint, has now increased to 2,651,396 individuals, with Common Ground Healthcare Cooperative one of the latest organizations to confirm that it has been affected.  Brookfield, WI-based Common Ground Healthcare Cooperative said 133,714 of its members were affected.

 OneTouchPoint said it discovered the attack on April 28, 2022, when files on its systems were encrypted. A forensic investigation was launched to determine the nature and scope of the security breach, which revealed its servers were compromised on April 27, 2022, and certain files containing sensitive data were accessed.  The review of those files confirmed on July 15, 2022, that they contained the sensitive information of current and former employees and data of its customers. Customers were notified about the attack on June 3, 2022.

 The breach involved employee information such as names, healthcare member IDs, and information provided during health assessments. Customers have reported the breach as involving names, subscriber ID numbers, diagnoses, medications, addresses, dates of birth, sexes, physician demographics information, family histories, social histories, allergies, vitals, immunizations, and other information.

 Initially, the breach was reported as affecting 1.1 million individuals, but the total has now been increased to 2,651,396 individuals. At least 34 organizations are known to have been affected, including Matrix Medical Network breach also affected Blue Shield of California Promise Health plan Kaiser Permanente, Geisinger, Health First, UPMC Health Plan, Humana, Aetna ACE, Anthem Inc, and other Blue Cross Blue Shield affiliates.

 OneTouchPoint is notifying certain individuals about the breach on behalf of some of its customers, but some customers have chosen to issue notifications themselves.

 OneTouchPoint said it is unaware of any misuse of the compromised information. Some of the affected customers have offered credit monitoring and identity theft protection services to their members.

At least one class action lawsuit has been filed against OneTouchPoint over the data breach.

You May Also Like …


Submit a Comment

Your email address will not be published. Required fields are marked *