Two hacking incidents involving vendors providing IT-related and other services to dozens of covered entity clients demonstrate how mounting reliance on third parties creates increased risk to patient data.
One incident involves Avamere Health Services LLC, a business associate providing IT services to healthcare entities. The other originates with OneTouchPoint, a company providing printing and mailing services to health insurers.
The Avamere Health Services hacking incident has so far resulted in two related health data breaches affecting nearly 100 covered entities and a total of nearly 381,000 individuals being reported to federal regulators.
In addition to the Avamere/Infinity incident, Wisconsin-based OneTouchPoint, a vendor that provides printing and mailing services, is reporting an apparent ransomware incident affecting more than three dozen of its health insurer clients – and nearly 1.1 million individuals, according to a breach report submitted by the company to Maine’s attorney general on July 27.
