HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

OneTouchPoint Ransomware Victim Count Increases to 2.65 Million

The number of individuals affected by the ransomware attack on the Hartland, WI-based mailing and printing vendor, OneTouchPoint, has now increased to 2,651,396 individuals, with Common Ground Healthcare Cooperative one of the latest organizations to confirm that it has been affected. Brookfield, WI-based Common Ground Healthcare Cooperative said 133,714 of its members were affected.

OneTouchPoint said it discovered the attack on April 28, 2022, when files on its systems were encrypted. A forensic investigation was launched to determine the nature and scope of the security breach, which revealed its servers were compromised on April 27, 2022, and certain files containing sensitive data were accessed.  The review of those files confirmed on July 15, 2022, that they contained the sensitive information of current and former employees and data of its customers. Customers were notified about the attack on June 3, 2022.

The breach involved employee information such as names, healthcare member IDs, and information provided during health assessments. Customers have reported the breach as involving names, subscriber ID numbers, diagnoses, medications, addresses, dates of birth, sexes, physician demographics information, family histories, social histories, allergies, vitals, immunizations, and other information.

Initially, the breach was reported as affecting 1.1 million individuals, but the total has now been increased to 2,651,396 individuals. At least 34 organizations are known to have been affected, including Matrix Medical Network breach also affected Blue Shield of California Promise Health plan Kaiser Permanente, Geisinger, Health First, UPMC Health Plan, Humana, Aetna ACE, Anthem Inc, and other Blue Cross Blue Shield affiliates.

Get The Checklist

Free and Immediate Download
HIPAA Compliance Checklist

Delivered via email so verify your email address is correct.

Your Privacy Respected

HIPAA Journal Privacy Policy

OneTouchPoint is notifying certain individuals about the breach on behalf of some of its customers, but some customers have chosen to issue notifications themselves. OneTouchPoint said it is unaware of any misuse of the compromised information. Some of the affected customers have offered credit monitoring and identity theft protection services to their members.

At least one class action lawsuit has been filed against OneTouchPoint over the data breach.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.