OnePoint patient care reports data breach

OnePoint Patient Care (OPPC) has disclosed a data security incident that occurred between August 6 and August 8, 2024.

After detection on August 8, 2024, OPPC contained the incident, notified law enforcement, and initiated an investigation with the assistance of external data security experts. An unauthorized party accessed OPPC's computer network, compromising sensitive customer information, including:​

• Names
• Residence information
• Medical record numbers
• Diagnosis and prescription details
• Social Security numbers (for some individuals)​

The number of affected individuals and the nature of the attack is not disclosed.

Update - as of 25th of October 2024, the breach affects more than 795,000 individuals, according to OPPC’s notification to the U.S. Department of Health and Human Services. The attack was claimed by the Inc Ransom ransomware group.

As of 2nd of December 2024, OnePoint Patient Care OPPC’s in a filing with the Attorney General of Maine reports that the data breach affecting over 1.7 million people.

The company is in the process of notifying affected individuals and recommends that they monitor their credit reports, account statements, and benefit statements for any suspicious activity.