Quintilone & Associates is currently investigating the Hartland, Wisconsin-based OneTouchPoint, Inc. (“OTP”), a printing and mailing company that provides services to various healthcare providers, for failing to safeguard sensitive patient information in a data breach that occurred in April 2022.  The incident happened when the company discovered suspicious activity on its computer systems.  An investigation into the attack found that an unauthorized actor had gained access to files that contained patient names, member ID numbers, and information provided during patients’ health assessments.  So far from other sources, we are aware of the affected healthcare practices affected by the data breach at OTP include, but are not limited to:

  1. Anthem Affiliated Covered Entities
  2. Common Ground Healthcare Cooperative
  3. Banner Medicare Advantage Dual
  4. Blue Cross Blue Shield of Arizona
  5. MediSun, Inc. d/b/a Blue Cross Blue Shield of Arizona Advantage
  6. Health Choice Arizona, Inc
  7. Blue Cross Blue Shield of Massachusetts
  8. Blue Cross Blue Shield of Rhode Island
  9. Blue Cross Blue Shield of South Carolina Commercial
  10. BMC HealthNet Plan / Well Sense Health Plan
  11. CareFirst Advantage
  12. Commonwealth Care Alliance
  13. ElderPlan/HomeFirst
  14. EmblemHealth Plan, Inc.
  15. Florida Blue
  16. Geisinger
  17. Health Alliance Plan of Michigan
  18. HAP Midwest Health Plan
  19. Health First
  20. Health New England
  21. Health Plan of San Mateo
  22. HealthPartners
  23. Highmark Health
  24. Humana
  25. Kaiser Permanente
  26. KS Plan Administrators, LLC
  27. MVP Health Care
  28. Pacific Source
  29. Premera Blue Cross Medicare Advantage Plans
  30. Prime Time Health Plan
  31. Point32Health
  32. Regence BlueCross BlueShield of Oregon
  33. Regence BlueCross BlueShield of Utah
  34. Regence BlueShield
  35. Regence BlueShield of Idaho, Inc.
  36. UPMC Health Plan
  37. Matrix Medical Network

OTP investigated the incident and sent notification letters to affected individuals, the company noted that the breach occurred in April 2022.  Due to the lapse in time between the breach and the company’s notice to affected practices, internet hackers, scam artists, criminals with internet access, and other malcontents may have already been able to acquire and sell patient information such as social security numbers, date of birth, and addresses.  In previous data breaches, victims of data theft have spent money on credit monitoring services or paying off illegal loans, credit cards opened in their name or other charges.  Some individuals affected by the data breach may have noticed one or more of the following types of activity (1) unrecognized credit card charges, (2) new unknown loans (3) requests for government services like welfare or other services (4) medical procedures ordered without patient consent, or (5) a disrupted use of a patient portal to the care provider. As an example see 

Have you recently received a data breach notification letter from OneTouchPoint, Inc.?

If so, we would like to hear from you.  Please complete the contact form on this page, send us an email at req@quintlaw.com, or give us a call at 949.458.9675 

Location: Lake Forest, CA, USA