Cyber Incident Victim: OneTouchPoint
Date:
Apr 2022
Location:
United States of America
Summary
A ransomware attack on a printing and mailing services provider compromised data from at least 34 healthcare organizations, exposing sensitive customer information including names, healthcare member IDs, addresses, dates of birth, diagnoses, medications, provider details, and medical histories. The company discovered encrypted files on its systems and later determined it could not definitively identify which specific files were accessed by unauthorized actors. Several healthcare clients, including insurance carriers and medical providers, confirmed downstream breaches affecting their members, with one organization reporting over 1,400 individuals impacted. While the provider did not offer identity theft protection, at least one affected healthcare entity arranged complimentary credit monitoring services. Law enforcement was notified, but no ransomware group claimed responsibility for the incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On April 28, 2022, OneTouchPoint—a provider of printing and mailing services for healthcare organizations—discovered encrypted files on certain computer systems, indicating a ransomware attack. The company conducted an investigation but determined by early June that it could not definitively identify which specific files the unauthorized actor accessed within its network. OneTouchPoint notified its affected customers on June 3, 2022, and subsequently issued a public breach notice on July 27. The breach impacted at least 34 healthcare organizations, including health insurance carriers and medical providers that shared customer data with OneTouchPoint for processing. While the company could not confirm the exact scope of compromised personal information, analysis revealed that exposed data included names, addresses, dates of birth, healthcare member IDs, provider names, medical diagnoses, medications, family histories, social histories, allergies, immunization records, and information from health assessments. OneTouchPoint reported the incident to law enforcement but did not disclose the total number of affected individuals or identify a responsible ransomware group.
Downstream effects emerged as healthcare organizations independently disclosed their exposure. Arkansas BlueCross and BlueShield confirmed in June 2022 that 1,423 members had data compromised via Matrix Medical Network, a former service provider that used OneTouchPoint. Similarly, Blue Shield of California Promise Health Plan attributed its July 2022 breach notification to the OneTouchPoint incident through Matrix Medical Network, exposing additional sensitive patient demographics and clinical details. OneTouchPoint offered to mail breach notifications on behalf of impacted entities but did not provide identity theft protection services. Blue Shield of California Promise Health Plan separately arranged one year of complimentary Experian IdentityWorks for affected individuals. The attack exemplified broader trends in healthcare-sector targeting, occurring alongside incidents such as the Hive ransomware group’s March 2022 attack on a California nonprofit and a June 2022 breach at Shields Health Care Group affecting two million individuals.