OneTouchPoint hit by ransomware attack
Be careful, hackers are looking at your data. Image by Tim Sandle
The, mailing and printing services vendor OneTouchPoint has disclosed a data breach. This cyber-incident has impacted at least 34 healthcare organizations. OneTouchPoint is headquartered in Hartland, Wisconsin, and is known for providing various kinds of services related to printing, marketing execution, and supply chain management, especially to the healthcare sector.
According to Security Week, at least two other firms – Arkansas Blue Cross and Blue Shield and Blue Shield of California Promise Health Plan – have sent data breach notifications after learning that their subcontractor, Matrix Medical Network, was impacted by the OneTouchPoint ransomware attack.
The ransomware attack compromised the personally identifiable information stored in their systems including customer names, addresses, birth dates, service description, diagnosis codes, member identification and health assessment information.
Looking into this matter for Digital Journal is Craig McDonald, VP of Product Management at BackBox.
McDonald begins by explaining the nature and scale of the cyberattack, noting: “This ransomware attack on a prominent mailing and printing services vendor resulted in the compromise of personally identifiable information of the patients belonging to over 30 healthcare firms, including Social Security numbers, names, addresses, birth dates, date of service, description of service, diagnosis codes and member ID.”
There are some commonalities with previous security incidents, says McDonald, adding: “While it isn’t clear if the attacker targeted this vendor to impact the healthcare organizations that it services, it is clear that targeting vendors and suppliers is becoming a common trend among cybercriminals, and organizations must keep cybersecurity efforts top-of-mind to prevent these malicious attacks.”
Healthcare organisations present an attractive target to cybercriminals due to the vast amounts of personal data that needs to be held about each patient. These types of data are of value to other nefarious actors.
McDonald says that the important lesson for all types of organisations that can be drawn from this incident is protection. Hence, McDonald says: “It is crucial for companies to be prepared with proper backup and recovery efforts should they fall victim to a ransomware attack.”
This is especially so for the medical field. According to McDonald: “Healthcare organizations are particularly vulnerable when it comes to ransomware and other cyberattacks due to the degree of sensitive information stored within these enterprises’ IT systems.”
In terms of preventative measures, McDonald recommends: “Automating network security processes, scheduling regular backups and keeping the network security posture up-to-date can lessen the negative impacts of ransomware attacks, ultimately keeping patients protected.”
McDonald also advises: “Leveraging network security automation can simplify these processes and eliminate the chance of human error, while actively preventing similar attacks by prioritizing network security.”