OneTouchPoint Data Breach Places One Million Customers of Medical Services And Insurance Carriers At Risk For Identity Theft. Featured

OneTouchPoint, Inc. faces a proposed class action over an April 2022 data breach that allegedly exposed consumer information stored by the printing and mailing services provider.

The 46-page lawsuit alleges OneTouchPoint, whose customers include health insurance carriers and medical providers, failed to properly safeguard the personal information of over one million consumers.

Per the suit, the company has stated that the compromised data may have included consumers’ names, member IDs and information they provided in a health assessment. According to the case, OneTouchPoint obtains this data from the organizations for whom it provides mailing services.

The case alleges that consumers whose information was exposed to unauthorized access now face a heightened risk of identity theft and fraud, which, according to the suit, “will remain for their respective lifetimes.”

According to the lawsuit, OneTouchPoint first learned of the data breach on April 28, 2022, when it discovered encrypted files on certain computer systems. After an investigation, the defendant determined that the servers that were accessed contained consumers’ names, member IDs and “information that may have been provided during a health assessment.”

Although the breach was discovered in late April, OneTouchPoint waited several months, until July 27, to begin notifying those whose information was compromised. It is not clear why the defendant delayed sending data breach notices to victims despite being “well aware of the need to move quickly in responding to Data breach events.”

The suit says that because of OneTouchPoint’s “delayed response,” data breach victims “had no idea their Private Information had been compromised,” and were unaware of the “significant risk of identity theft and various other forms of personal, social, and financial harm.” Per the suit, victims whose information was accessed now face “years of constant surveillance” of their personal and financial accounts.

The lawsuit looks to cover all U.S. residents whose private information was actually or potentially accessed or acquired during the data breach referenced in the data breach notice published by OneTouchPoint on or around July 27, 2022.

List of Health Insurance And Medical Services Providers Affected By The Breach

  1. Anthem Affiliated Covered Entities
  2. Common Ground Healthcare Cooperative
  3. Banner Medicare Advantage Dual
  4. Blue Cross Blue Shield of Arizona
  5. MediSun, Inc. d/b/a Blue Cross Blue Shield of Arizona Advantage
  6. Health Choice Arizona, Inc
  7. Blue Cross Blue Shield of Massachusetts
  8. Blue Cross Blue Shield of Rhode Island
  9. Blue Cross Blue Shield of South Carolina Commercial
  10. BMC HealthNet Plan / Well Sense Health Plan
  11. CareFirst Advantage
  12. Clover Health
  13. Commonwealth Care Alliance
  14. ElderPlan/HomeFirst
  15. EmblemHealth Plan, Inc.
  16. Florida Blue
  17. Geisinger
  18. Health Alliance Plan of Michigan
  19. HAP Midwest Health Plan
  20. Health First
  21. Health New England
  22. Health Plan of San Mateo
  23. HealthPartners
  24. Highmark Health
  25. Humana
  26. Kaiser Permanente
  27. KS Plan Administrators, LLC
  28. MVP Health Care
  29. Pacific Source
  30. Premera Blue Cross Medicare Advantage Plans
  31. Prime Time Health Plan
  32. Point32Health
  33. Regence BlueCross BlueShield of Oregon
  34. Regence BlueCross BlueShield of Utah
  35. Regence BlueShield
  36. Regence BlueShield of Idaho, Inc.
  37. UPMC Health Plan
  38. Matrix Medical Network


Leave a Reply

Your email address will not be published. Required fields are marked *