OneTouchPoint, Inc. faces a proposed class action over an April 2022 data breach that allegedly exposed consumer information stored by the printing and mailing services provider.
The 46-page lawsuit alleges OneTouchPoint, whose customers include health insurance carriers and medical providers, failed to properly safeguard the personal information of over one million consumers.
Per the suit, the company has stated that the compromised data may have included consumers’ names, member IDs and information they provided in a health assessment. According to the case, OneTouchPoint obtains this data from the organizations for whom it provides mailing services.
The case alleges that consumers whose information was exposed to unauthorized access now face a heightened risk of identity theft and fraud, which, according to the suit, “will remain for their respective lifetimes.”
According to the lawsuit, OneTouchPoint first learned of the data breach on April 28, 2022, when it discovered encrypted files on certain computer systems. After an investigation, the defendant determined that the servers that were accessed contained consumers’ names, member IDs and “information that may have been provided during a health assessment.”
Although the breach was discovered in late April, OneTouchPoint waited several months, until July 27, to begin notifying those whose information was compromised. It is not clear why the defendant delayed sending data breach notices to victims despite being “well aware of the need to move quickly in responding to Data breach events.”
The suit says that because of OneTouchPoint’s “delayed response,” data breach victims “had no idea their Private Information had been compromised,” and were unaware of the “significant risk of identity theft and various other forms of personal, social, and financial harm.” Per the suit, victims whose information was accessed now face “years of constant surveillance” of their personal and financial accounts.
The lawsuit looks to cover all U.S. residents whose private information was actually or potentially accessed or acquired during the data breach referenced in the data breach notice published by OneTouchPoint on or around July 27, 2022.
List of Health Insurance And Medical Services Providers Affected By The Breach
- Anthem Affiliated Covered Entities
- Common Ground Healthcare Cooperative
- Banner Medicare Advantage Dual
- Blue Cross Blue Shield of Arizona
- MediSun, Inc. d/b/a Blue Cross Blue Shield of Arizona Advantage
- Health Choice Arizona, Inc
- Blue Cross Blue Shield of Massachusetts
- Blue Cross Blue Shield of Rhode Island
- Blue Cross Blue Shield of South Carolina Commercial
- BMC HealthNet Plan / Well Sense Health Plan
- CareFirst Advantage
- Clover Health
- Commonwealth Care Alliance
- EmblemHealth Plan, Inc.
- Florida Blue
- Health Alliance Plan of Michigan
- HAP Midwest Health Plan
- Health First
- Health New England
- Health Plan of San Mateo
- Highmark Health
- Kaiser Permanente
- KS Plan Administrators, LLC
- MVP Health Care
- Pacific Source
- Premera Blue Cross Medicare Advantage Plans
- Prime Time Health Plan
- Regence BlueCross BlueShield of Oregon
- Regence BlueCross BlueShield of Utah
- Regence BlueShield
- Regence BlueShield of Idaho, Inc.
- UPMC Health Plan
- Matrix Medical Network