Excerpt from The HIPAA Journal Article, Published on Nov 28, 2024.
OnePoint Patient Care, a Tempe, Arizona-based pharmacy specializing in hospice care, has suffered a massive data breach affecting 1,741,152 individuals, more than double the originally reported figure of 795,916. The breach, linked to the INC Ransom group, has exposed sensitive personal and medical information, including names, diagnoses, prescription details, and, in some cases, Social Security numbers.
Suspicious activity within OnePoint’s network was first identified on August 8, 2024, prompting immediate action to contain the breach and involve third-party cybersecurity experts. Investigations revealed that between August 6 and August 8, 2024, hackers exfiltrated files from the company’s systems. Notification letters to affected individuals began mailing on November 26, 2024.
The INC Ransom group, known for its double-extortion tactics, has claimed responsibility for the attack. While it is unclear whether a ransom was paid to recover files, the group published the stolen data on its leak site, where it has already been viewed over 14,000 times. The availability of this data significantly increases the likelihood of misuse, making it critical for affected individuals to remain vigilant.
OnePoint has offered credit monitoring and identity theft protection services to individuals whose Social Security numbers were compromised. The company maintains that it is unaware of any actual or attempted misuse of the stolen data but advises all affected parties to monitor their financial and health-related accounts for suspicious activity.
This breach highlights a broader trend of cyberattacks targeting healthcare organizations. For instance, Northeast Spine and Sports Medicine in New Jersey reported a data breach affecting 6,300 individuals, while Dohman, Akerlund & Eddy in Nebraska disclosed a breach impacting 9,941 individuals.
With ransomware attacks increasing in frequency and sophistication, organizations are under growing pressure to strengthen their cybersecurity measures. OnePoint has assured its commitment to enhancing safeguards to prevent similar incidents in the future, but the breach underscores the critical importance of robust data protection in the healthcare sector.
To delve deeper into this topic, please read the full article The HIPAA Journal.
