OneTouchPoint, a provider of mailing and printing services, has disclosed a data breach affecting more than 30 healthcare providers and health insurance companies.
OneTouchPoint, headquartered in Hartland, Wisconsin, provides healthcare organizations with print, marketing execution, and supply chain management services.
This week, the company disclosed that it recently suffered a ransomware attack that compromised personally identifiable information (PII) stored on its systems.
On April 28, OneTouchPoint discovered encrypted files on some of its systems and immediately began investigating the incident. Later, it was discovered that the attackers had accessed its network on April 27, but it was unable to determine which files had been accessed.
The company later determined that the compromised systems contained PII belonging to its customers, including their names, addresses, birth dates, date of service, description of service, diagnosis codes, health assessment information, and member ID.
For one customer, the compromised information also included Social Security numbers.
OneTouchPoint also notes that it has been working with affected customers to identify individuals whose data may have been compromised and has begun sending data breach notifications on their behalf.
In a data breach notice posted on its website, OneTouchPoint lists 34 healthcare insurance carriers and healthcare services providers as having been affected, although the number appears to be greater.
After learning that their subcontractor, Matrix Medical Network, was affected by the OneTouchPoint ransomware attack, at least two other entities, Arkansas Blue Cross and Blue Shield and Blue Shield of California Promise Health Plan, have sent data breach notifications.
It is currently unknown how many people may have been affected by the incident.
OneTouchPoint has not disclosed information regarding the ransomware used in the attack.
