DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Mailing and printing vendor issues breach notice on behalf of more than three dozen health plans

Posted on July 28, 2022 by Dissent

Update:  On July 27, OneTouchPoint notified the Maine Attorney General’s Office that a total of 1,073,316 people were impacted by their breach.


In June, Arkansas Blue Cross and Blue Shield disclosed a breach involving their business associate, Matrix. Matrix had been notified by OneTouchPoint of a cyberattack that occurred between April 27 and April 28.  OneTouchPoint, provides printing and mailing services to health insurance carriers and medical providers. Arkansas BCBS reported that 1,423 of its members were impacted.

This month, Blue Shield of California (and BS Promise Health Plan) also revealed that some of their members had been impacted by the incident involving OneTouchPoint:

On May 20, 2022, Blue Shield learned that a subcontractor of a Blue Shield vendor, Matrix Medical Network (‘Matrix’), was the victim of a ransomware event. On April 28, 2022, Matrix’s subcontractor, OneTouchPoint (‘OTP’), detected suspicious network activity and confirmed a threat actor had infiltrated OTP’s servers. Matrix notified Blue Shield about the incident on June 16, 2022; your protected health information may have been accessed.

Blue Shield of California reported that 1,506 of their members and BS Promise Health Plan members were impacted.

This week, OneTouchPoint has issued its own notification about the incident on behalf of some covered entities.  Their notification explains, in part:

What Happened? On April 28, 2022, OTP discovered encrypted files on certain computer systems. OTP immediately launched an investigation, with the assistance of third-party forensic specialists, to determine the nature and scope of the activity. The investigation determined that there was unauthorized access to certain OTP servers beginning on April 27, 2022. On June 1, 2022, OTP learned that it would be unable to determine what specific files the unauthorized actor viewed within the OTP network. OTP provided a summary of the investigation to its customers beginning on June 3, 2022.

[…]

While the specific data elements vary for each potentially affected individual, the scope of information potentially involved includes an individual’s name and one or more of member identification number, information provided as part of a health assessment, address, date of birth, description of service, date of service and diagnosis codes. One covered entity had Social Security numbers of members impacted.

Their notice does not identify what ransomware group or threat actor was responsible and whether there was any ransom demanded, negotiated, or paid. The incident has not shown up yet on any dedicated dark web leak sites (or if it has, DataBreaches has not spotted it yet).

The website version of their notice provides the list of covered entities on whose behalf they are providing notice:

Common Ground Healthcare Cooperative
Banner Medicare Advantage Dual
Blue Cross Blue Shield of Arizona
MediSun, Inc. d/b/a Blue Cross Blue Shield of Arizona Advantage
Health Choice Arizona, Inc
Blue Cross Blue Shield of Massachusetts
Blue Cross Blue Shield of Rhode Island
Blue Cross Blue Shield of South Carolina Commercial
BMC HealthNet Plan / Well Sense Health Plan
Cambia Health Solutions
CareFirst Advantage
Caresource
Commonwealth Care Alliance
ElderPlan, Inc
EmblemHealth Plan, Inc.
Florida Blue
Geisinger
Health Alliance Plan of Michigan
HAP Midwest Health Plan
Health First
Health New England
Health Plan of San Mateo
HealthPartners
Highmark Health
Humana
Kaiser Permanente
KS Plan Administrators, LLC
MVP Health Care
Pacific Source
Premera Blue Cross Medicare Advantage Plans
Prime Time Health Plan
Point32Health
UCare Minnesota
UPMC
Matrix Medical Network
ElderPlan, Inc.
Health New England
Banner Medicare Advantage Dual

Category: Health DataSubcontractorU.S.

Post navigation

← City of Detroit retirees data breach causes concern
Kansas MSP shuts down cloud services to fend off cyberattack →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • New evidence links long-running hacking group to Indian government
  • Zaporizhzhia Cyber ​​Police Exposes Hacker Who Caused Millions in Losses to Victims by Mining Cryptocurrency
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Google: Hackers target Salesforce accounts in data extortion attacks
  • The US Grid Attack Looming on the Horizon
  • US govt login portal could be one cyberattack away from collapse, say auditors
  • Two Men Sentenced to Prison for Aggravated Identity Theft and Computer Hacking Crimes
  • 100,000 UK taxpayer accounts hit in £47m phishing attack on HMRC
  • CISA Alert: Updated Guidance on Play Ransomware
  • Almost one year later, U.S. Dermatology Partners is still not being very transparent about their 2024 breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How the FBI Sought a Warrant to Search Instagram of Columbia Student Protesters
  • Germany fines Vodafone $51 million for privacy, security breaches
  • Malaysia enacts data sharing rules for public sector
  • U.S. Enacts Take It Down Act
  • 23andMe Bankruptcy Judge Ponders Trump Bill’s Injunction Impact
  • Hell No: The ODNI Wants to Make it Easier for the Government to Buy Your Data Without Warrant
  • US State Dept. says silence or anonymity on social media is suspicious

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.