The number of persons impacted by the ransomware attack on OneTouchPoint, the mailing and printing vendor based in Hartland, WI, has now grown to 2,651,396 people. One of the most recent companies to confirm being impacted by the attack is Common Ground Healthcare Cooperative based in Brookfield, WI. The cyberattack affected 133,714 of the Cooperative’s members.
OneTouchPoint stated it detected the attack on April 28, 2022 after data files on its systems had been encrypted. It launched a forensic investigation to find out the nature and extent of the data breach, which confirmed the compromise of its servers on April 27, 2022. Some files that contain sensitive information were viewed. On July 15, 2022, the analysis of those files confirmed the inclusion of the sensitive data of present and past employees and information of its clients. Affected individuals had been informed about the cyberattack on June 3, 2022.
The breach affected employee data, for example, names, data supplied during health examinations, and healthcare member IDs. Customers’ data that had been affected by the breach included names, diagnoses, prescription drugs, addresses, subscriber ID numbers, birth dates, genders, doctor demographics data, family backgrounds, social histories, immunizations, allergies, vitals, and other data.
At first, OneTouchPoint reported the breach as affecting 1.1 million persons, however, the total now rose to 2,651,396 persons. About 34 companies are identified to have been impacted, which include Matrix Medical Network, Promise Health plan, Blue Shield of California, Kaiser Permanente, Geisinger, Health First, Humana, UPMC Health Plan, Aetna ACE, other Blue Cross Blue Shield affiliates, and Anthem Inc.
OneTouchPoint is informing selected persons concerning the data breach on behalf of a number of its clients, however, some clients opted to send the notifications themselves. OneTouchPoint mentioned it doesn’t know of any improper use of the exposed information. A number of the impacted clients have provided their members with credit monitoring and identity theft protection services.
OneTouchPoint is also facing at least one class action lawsuit over the data breach.