At OneDigital, safeguarding your personal information is one of our top priorities, and because of that, we have state-of-the-art information security systems to protect your data. However, despite our efforts, OneDigital was the target of a sophisticated cyber-attack, and an unauthorized actor gained access to some of OneDigital’s systems and obtained personal information of some health and welfare plan participants.
OneDigital is providing notice of a data security incident. The following notice provides you with information about the incident, OneDigital’s response, and resources available to help individuals protect their information from possible misuse, should they feel it is necessary to do so. While we are unaware of misuse of information, we encourage individuals to remain vigilant against incidents of identity theft and fraud.
On or around January 20, 2021, OneDigital became aware of unusual activity on its network. Upon discovery of the unusual activity, OneDigital immediately investigated to better understand the nature and scope of this activity. Based on our investigation, we determined that an unauthorized individual(s) may have obtained files which contained personal information and protected health information about you. The investigation was not able to determine whether any specific personal information about you was viewed by the unauthorized individual(s). Out of an abundance of caution, a programmatic and manual review of the files was completed to determine whether sensitive personal information was present at the time of the incident. Through this process, OneDigital determined that certain personal information and personal health information was contained in the files.
What Information Is Involved?
It cannot be confirmed whether information related to individuals was actually accessed or viewed during this incident. However, OneDigital is providing notice to impacted individuals out of an abundance of caution. The information which was accessible within the compromised files included certain individuals’ clinical and financial information such as, name, address, date of birth, healthcare provider, health insurance number, group number, dates and types of health care services, medical record number, lab results, prescription, payment and claims information. The confidential information of a very small number of impacted individuals included a Social Security number.
What We Are Doing.
OneDigital takes this incident and the security of personal information entrusted to us very seriously. In response to this incident, OneDigital conducted a thorough forensic analysis and investigation. After blocking, containing, and eliminating the unauthorized individual(s), OneDigital implemented additional security measures to further fortify its network’s security measures and protocols, including enhancing administrative and technical safeguards and instituting more frequent and rigorous security training. OneDigital is also offering complimentary identity monitoring services through Kroll to individuals whose personal information was listed in the compromised files at the time of this incident.
What You Can Do.
Individuals can find out more about how to protect themselves against the potential misuse of their personal information by reviewing the guidance on this website. On this website, individuals can also find further information about complimentary access to identity monitoring services. You can activate those services here. For more information on how to protect against identity theft, we suggest that you contact the Federal Trade Commission and your state consumer protection agency.
For More Information.
OneDigital takes our responsibility to protect the information that you entrust to us very seriously, and we are here to support you. If you have questions about this incident that are not addressed in this notice, please do not hesitate to call (855) 551-1516 from 8:00 a.m. - 5:30 p.m. Central Time, Monday through Friday.
Who is OneDigital?
Information about OneDigital can be found at www.onedigital.com.