Medical entities must take care in protecting their systems, as they are prime targets for hackers and identity thieves. This class action brings suit against OneTouchPoint West Corp. (OTP), CareSource, CareSource Ohio, Inc., CareSource Indiana, Inc., and CareSource Georgia, Co., alleging they bear some responsibility for a data breach that exposed the personally identifiable information (PII) and protected health information (PHI).
A class and three subclasses have been proposed for this action:
- The Nationwide Class is all individuals in the US who had their private information stolen or compromised as a result of the data breach, including all those who were sent a notice of the data breach.
- The Indiana, Ohio, and Georgia Subclasses are all residents of those states, respectively, who had their private information stolen or compromised as a result of the data breach, including all those who were sent a notice of the data breach.
The data breach in question took place on OTP’s network on April 27, 2022, and the complaint alleges that “the company was unable to say definitively what personal information was accessed by the unauthorized actor.”
The complaint says the information may have included patient names, ages, member IDs, health insurance plan names, health condition, and information given during a health assessment. In some cases, the complaint alleges, for some customers of CareSource, the complaint alleges, Social Security numbers may also have been compromised.
Despite the fact that the data breach took place on April 27, was discovered on April 28, and was confirmed on July 27, the complaint alleges that OTP did not begin notifying the individual victims whose information had been stolen until August 10, 2022. “Despite this delay,” the complaint claims, “the notification letter sent by OTP did not offer to change the Plaintiffs’ Member ID or recommend protective measures aside from recommending that Plaintiffs ‘review your mail from CareSource to make sure it looks right.’”
The complaint alleges that OTP offers such things as brand management, marketing, and print-pack-ship services for healthcare entities, such as CareSource. It claims that “CareSource is responsible for ensuring that any third-party vendors it contracts with will safeguard the Private Information of its customers.”
According to the complaint, OTP touted its security: “OTP’s website states that it is part of an exclusive group of organizations worldwide certified by the Health Information Trust alliance (‘HITRUST’). OTP claims that the security framework ensures solutions are built within secure web-based technology and is HIPAA compliant.”
But the complaint claims that OTP failed to comply with industry standards or the Federal Trade Commission’s guidelines for private businesses on data security practices.
Article Type: LawsuitTopic: Privacy
Most Recent Case Event
OneTouchPoint West, CareSource Data Breach Complaint
September 26, 2022
Medical entities must take care in protecting their systems, as they are prime targets for hackers and identity thieves. This class action brings suit against OneTouchPoint West Corp. (OTP), CareSource, CareSource Ohio, Inc., CareSource Indiana, Inc., and CareSource Georgia, Co., alleging they bear some responsibility for a data breach that exposed the personally identifiable information (PII) and protected health information (PHI).
OneTouchPoint West, CareSource Data Breach ComplaintCase Event History
OneTouchPoint West, CareSource Data Breach Complaint
September 26, 2022
Medical entities must take care in protecting their systems, as they are prime targets for hackers and identity thieves. This class action brings suit against OneTouchPoint West Corp. (OTP), CareSource, CareSource Ohio, Inc., CareSource Indiana, Inc., and CareSource Georgia, Co., alleging they bear some responsibility for a data breach that exposed the personally identifiable information (PII) and protected health information (PHI).
OneTouchPoint West, CareSource Data Breach Complaint