"OneTouchPoint Discloses Data Breach Impacting Over 30 Healthcare Firms"

Mailing and printing services vendor OneTouchPoint has disclosed a data breach impacting more than 30 healthcare providers and health insurance carriers.  OneTouchPoint offers print, marketing execution, and supply chain management services to organizations in the healthcare sector.  The company revealed this week that it recently fell victim to a ransomware attack that has resulted in the compromise of personally identifiable information (PII) stored on its systems.  The company stated that it found encrypted files on some of its systems on April 28 and immediately started investigating the incident.  It later discovered that the attackers had accessed its network on April 27 but could not determine which files the attackers had accessed within its network.  Later the company determined that the compromised systems contained PII provided by its customers, including names, addresses, birth dates, date of service, description of service, diagnosis codes, information provided as part of a health assessment, and member ID.  For one customer, Social Security numbers were also included in the compromised information.  In a data breach notice on its website, the company lists 34 healthcare insurance carriers and healthcare services providers that have been impacted, but the number appears to be larger.  At least two other entities, Arkansas Blue Cross and Blue Shield and Blue Shield of California Promise Health Plan, have sent data breach notifications after learning that their subcontractor, Matrix Medical Network, was impacted by the OneTouchPoint ransomware attack.

SecurityWeek reports: "OneTouchPoint Discloses Data Breach Impacting Over 30 Healthcare Firms"