OneTouchPoint’s Data Breach
Table of Contents
- By Steven
- Sep 02, 2022
OneTouchPoint is the latest victim of relentless hackers. The company was breached in an online attack that culminated in the theft of data from several million accounts. The attack occurred in July. Here's the inside scoop on the OneTouchPoint breach.
How Was the Attack Conducted?
Though information is limited regarding the OneTouchPoint hack, it is clear that there was an external system breach. In total, nearly 40 health plans were compromised by the attack. However, the figure can potentially expand in the future as more details are revealed.
It appears as though the threat actor obtained access to encrypted files on OneTouchPoint computers. The ensuing investigation revealed hackers illegitimately accessed company servers in late April. It must be noted that company representatives initially admitted that they could not determine which files were accessed within the network. However, the company later provided additional information about the extent of access.
The hackers stole member IDs, names, information patients provided to doctors and assistants at appointments, and more. However, the silver lining is that the rest of the highly sensitive information commonly accessed in online attacks, ranging from financial information to social security numbers, was not compromised.
Why Is the Hack So Significant?
The breach is meaningful as OneTouchPoint is a massive company. As noted above, several million accounts were accessed by hackers. Though several other healthcare data breaches have occurred through the initial eight months of the year, few are as large as the OneTouchPoint hack.
What Did the Updated Breach Report State?
OneTouchPoint initially filed a breach report that stated hackers accessed only 1.1 million accounts. The truth is that 2.65 million accounts were actually compromised in the attack. The updated report clarifies that residents from several states were compromised in the attack.
The data breach, data theft, and ensuing identity theft spurred a class action lawsuit filing. Those victimized by the breach are going to the extent of suing OneTouchPoint in a court of law to right this egregious wrong in the form of financial compensation awarded through a court award or settlement.
How Did OneTouchPoint Respond to the Hack?
OneTouchPoint is worthy of criticism in this instance, as it appears the company rolled out a lowball estimate of the number of accounts illegally accessed in the breach. Furthermore, the company has also been criticized for not adding all health plans to the list.
For example, Common Ground Healthcare Collaborative reported the breach to a local governmental office, highlighting that OneTouchPoint's lack of digital security protections caused the attack. The number of victims from the Common Ground Healthcare Collaborative breach amounts to nearly 134,000.
How Can Businesses Prevent Similar Breaches?
The most important thing a business owner or manager can do is implement antivirus and digital security protections. Instead of assuming such protections will provide indefinite defense, continue to update those cybersecurity safeguards as tech becomes more dynamic. Furthermore, yearly risk analysis will also help.
Even implementing unambiguous language to the language of associate contracts will make a difference. Such language should detail the expectations of the covered business or other group's associate in the event of an incident. Above all, businesses and everyday people are encouraged to upgrade their digital defenses at least once every 6-12 months.