OneTouchPoint, Inc. faces a proposed class action over an April 2022 data breach that allegedly exposed consumer information stored by the printing and mailing services provider.

The 46-page lawsuit alleges OneTouchPoint, whose customers include health insurance carriers and medical providers, failed to properly safeguard the personal information of over one million consumers.

Per the suit, the company has stated that the compromised data may have included consumers’ names, member IDs and information they provided in a health assessment. According to the case, OneTouchPoint obtains this data from the organizations for whom it provides mailing services.

The case alleges that consumers whose information was exposed to unauthorized access now face a heightened risk of identity theft and fraud, which, according to the suit, “will remain for their respective lifetimes.”

According to the lawsuit, OneTouchPoint first learned of the data breach on April 28, 2022, when it discovered encrypted files on certain computer systems. After an investigation, the defendant determined that the servers that were accessed contained consumers’ names, member IDs and “information that may have been provided during a health assessment.”

Although the breach was discovered in late April, OneTouchPoint waited several months, until July 27, to begin notifying those whose information was compromised. It is not clear why the defendant delayed sending data breach notices to victims despite being “well aware of the need to move quickly in responding to Data breach events.”

The suit says that because of OneTouchPoint’s “delayed response,” data breach victims “had no idea their Private Information had been compromised,” and were unaware of the “significant risk of identity theft and various other forms of personal, social, and financial harm.” Per the suit, victims whose information was accessed now face “years of constant surveillance” of their personal and financial accounts.

The lawsuit looks to cover all U.S. residents whose private information was actually or potentially accessed or acquired during the data breach referenced in the data breach notice published by OneTouchPoint on or around July 27, 2022.

List of Health Insurance And Medical Services Providers Affected By The Breach

1. Anthem Affiliated Covered Entities
2. Common Ground Healthcare Cooperative
3. Banner Medicare Advantage Dual
4. Blue Cross Blue Shield of Arizona
5. MediSun, Inc. d/b/a Blue Cross Blue Shield of Arizona Advantage
6. Health Choice Arizona, Inc
7. Blue Cross Blue Shield of Massachusetts
8. Blue Cross Blue Shield of Rhode Island
9. Blue Cross Blue Shield of South Carolina Commercial
10. BMC HealthNet Plan / Well Sense Health Plan
11. CareFirst Advantage
12. Clover Health
13. Commonwealth Care Alliance
14. ElderPlan/HomeFirst
15. EmblemHealth Plan, Inc.
16. Florida Blue
17. Geisinger
18. Health Alliance Plan of Michigan
19. HAP Midwest Health Plan
20. Health First
21. Health New England
22. Health Plan of San Mateo
23. HealthPartners
24. Highmark Health
25. Humana
26. Kaiser Permanente
27. KS Plan Administrators, LLC
28. MVP Health Care
29. Pacific Source
30. Premera Blue Cross Medicare Advantage Plans
31. Prime Time Health Plan
32. Point32Health
33. Regence BlueCross BlueShield of Oregon
34. Regence BlueCross BlueShield of Utah
35. Regence BlueShield
36. Regence BlueShield of Idaho, Inc.
37. UPMC Health Plan
38. Matrix Medical Network

Tags: data breach   OneTouchPoint   Personal Identifying Information