OnePoint Patient Care (OPPC), an Arizona-based hospice pharmacy that serves over 40,000 patients per day, is informing customers about a data breach impacting their personal information.

According to the healthcare organization, it detected suspicious activity on its network on August 8, 2024. 

An investigation revealed a week later that before the cyberattack was detected, the hackers had obtained files containing personal information from OPPC systems. 

Compromised data includes names, residence information, medical records, and information on prescriptions and diagnosis. For some of the impacted individuals, Social Security numbers were also taken, the organization said. 

OPPC told the US Department of Health and Human Services that the data breach impacts over 795,000 people. 

The Inc Ransom ransomware group took credit for the attack on OPPC in mid-September, listing the company on its Tor-based leak website.

OnePoint Patient Care is still listed on the Inc Ransom site and the cybercriminals have made public data allegedly stolen from the organization, which indicates that a ransom has not been paid.

Microsoft warned recently that an Inc Ransom affiliate has been observed targeting the US healthcare sector. 

Related: 88,000 Impacted by Access Sports Data Breach Resulting From Ransomware Attack

Related: Xerox Confirms Data Breach at US Subsidiary Following Ransomware Attack

Related: Yamaha Motor Confirms Data Breach Following Ransomware Attack