HARTLAND, Wis., July 27, 2022 /PRNewswire/ -- OneTouchPoint, Inc. ("OTP") is providing notice of an incident that may affect the privacy of certain individuals' personal information. OTP is a vendor who provides printing and mailing services to various health insurance carriers and medical providers. To perform these services, OTP was provided certain information by its customers. OTP is providing details of the incident, its response, and steps individuals may take to better protect their personal information, should they feel it appropriate to do so. This notice is made on behalf of the impacted covered entities listed at the website referenced below.
What Happened? On April 28, 2022, OTP discovered encrypted files on certain computer systems. OTP immediately launched an investigation, with the assistance of third-party forensic specialists, to determine the nature and scope of the activity. The investigation determined that there was unauthorized access to certain OTP servers beginning on April 27, 2022. On June 1, 2022, OTP learned that it would be unable to determine what specific files the unauthorized actor viewed within the OTP network. OTP provided a summary of the investigation to its customers beginning on June 3, 2022. OTP later determined that the impacted systems contained certain information related to individuals provided by its customers. While OTP is unable to say definitively what personal information was accessed by the unauthorized actor, OTP worked with their customers to determine what personal information related to individuals was stored on the OTP network, to whom that information related and OTP offered to mail letters to potentially impacted individuals on behalf of these customers. OTP has seen no evidence of misuse of any information related to this incident.
While the specific data elements vary for each potentially affected individual, the scope of information potentially involved includes an individual's name and one or more of member identification number, information provided as part of a health assessment, address, date of birth, description of service, date of service and diagnosis codes. One covered entity had Social Security numbers of members impacted.
OTP takes the confidentiality, privacy, and security of personal information in its care seriously. Upon discovery, OTP immediately commenced an investigation to confirm the nature and scope of the incident. OTP reported this incident to law enforcement and appropriate regulatory authorities, and OTP is taking steps to implement additional safeguards and review policies and procedures relating to data privacy and security.
OTP encourages individuals to remain vigilant against incidents of identity theft and fraud, to review account statements and explanation of benefits forms, and monitoring free credit reports for suspicious activity, and detect errors.
Individuals who want additional information about this event or to see a list of impacted customers can visit OTP's website at 1touchpoint.com.