Getty Images/iStockphoto

Geisinger, Kaiser Permanente, 35 Others Impacted By Third-Party Vendor Data Breach

Third-party mailing and printing vendor OneTouchPoint reported a breach that impacted 37 healthcare organizations, including Anthem ACE, Geisinger, and Kaiser Permanente.

OneTouchPoint (OTP), a third-party vendor that provides printing and mailing services to healthcare providers and health insurance carriers, disclosed a healthcare data breach that impacted 37 organizations.

According to a notice posted on the Maine Attorney General’s Office website, the breach impacted a total of 1,073,316 individuals. A notice on OTP’s website explained that OTP discovered encrypted files on certain computer systems on April 28.

OTP immediately launched an investigation and determined that an unauthorized party accessed certain servers starting on April 27. OTP began notifying the following customers of the incident on June 3:

  • Anthem Affiliated Covered Entities
  • Common Ground Healthcare Cooperative
  • Banner Medicare Advantage Dual
  • Blue Cross Blue Shield of Arizona
  • MediSun, Inc. d/b/a Blue Cross Blue Shield of Arizona Advantage
  • Health Choice Arizona, Inc
  • Blue Cross Blue Shield of Massachusetts
  • Blue Cross Blue Shield of Rhode Island
  • Blue Cross Blue Shield of South Carolina Commercial
  • BMC HealthNet Plan / Well Sense Health Plan
  • CareFirst Advantage
  • Commonwealth Care Alliance
  • ElderPlan/HomeFirst
  • EmblemHealth Plan, Inc.
  • Florida Blue
  • Geisinger
  • Health Alliance Plan of Michigan
  • HAP Midwest Health Plan
  • Health First
  • Health New England
  • Health Plan of San Mateo
  • HealthPartners
  • Highmark Health
  • Humana
  • Kaiser Permanente
  • KS Plan Administrators, LLC
  • MVP Health Care
  • Pacific Source
  • Premera Blue Cross Medicare Advantage Plans
  • Prime Time Health Plan
  • Point32Health
  • Regence BlueCross BlueShield of Oregon
  • Regence BlueCross BlueShield of Utah
  • Regence BlueShield
  • Regence BlueShield of Idaho, Inc.
  • UPMC Health Plan
  • Matrix Medical Network

The impacted files contained names, member ID, and information that was provided during a health assessment.

“We take the confidentiality, privacy, and security of information in its care seriously. Upon discovery, OTP immediately commenced an investigation to confirm the nature and scope of the incident,” OTP explained.

“OTP reported this incident to law enforcement and appropriate regulatory authorities, and OTP is taking steps to implement additional safeguards and review policies and procedures relating to data privacy and security.”

Next Steps

Dig Deeper on Healthcare data breaches