Data Breach at OnePoint Patient Care Exposes Information of 1.7 Million Individuals

OnePoint Patient Care (OPPC), a leading pharmacy specializing in hospice care, has reported a significant data breach potentially compromising the sensitive personal and medical information of 1,741,152 individuals.

The breach was identified on August 8, 2024, when OPPC discovered unauthorized access to its network. According to a filing with the Office of the Maine Attorney General, attackers had extracted data from the company’s systems over an unspecified period. Among the affected individuals are 99 residents of Maine.

The compromised data includes highly sensitive information, such as patients’ names, addresses, residential details, medical record numbers, diagnoses, Social Security numbers, and prescription details.

OPPC has stated that there is no evidence suggesting the misuse of user information for fraud or identity theft.

“In an abundance of caution, we are notifying you of the potential exposure of your personal information, even though we cannot confirm it was accessed,” the company wrote in a letter to affected individuals.

OPPC is providing affected individuals with complimentary identity protection and credit monitoring services for one year. The company also advises individuals to closely monitor their credit reports, account statements, and benefit statements for any unusual activity.

As one of the nation’s largest hospice-focused pharmacy and pharmacy benefits management providers, OPPC serves hundreds of hospice organizations. The company manages pharmacy benefits for over 40,000 patients daily, offering services such as prescription fulfillment, custom compounding, formulary creation, and home delivery.