On April 17, 2023, Point32Health, the parent company of Harvard Pilgrim Health Care and Tufts Health Plan, announced that it had detected a cybersecurity ransomware incident on its computer systems. The company has since been working with third-party cybersecurity experts to conduct a thorough investigation into the incident and to remediate the situation.
The investigation has revealed that data was copied and taken from Harvard Pilgrim systems between March 28, 2023, and April 17, 2023. The company has determined that the files at issue may contain personal information and/or protected health information belonging to current and former subscribers and dependents, as well as current contracted providers.
The potentially impacted information includes names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information such as medical history, diagnoses, treatment, dates of service, and provider names.
At this point, Harvard Pilgrim is not aware of any misuse of personal information or protected health information resulting from this incident. However, the company is taking this incident extremely seriously and deeply regrets any inconvenience this incident may cause. Harvard Pilgrim is notifying potentially affected individuals and providing them with more information and resources. The notification includes information on steps individuals can take to protect themselves against potential fraud or identity theft.
Harvard Pilgrim is also offering complimentary identity protection and access to two years of credit monitoring services for potentially affected individuals. The company recommends that individuals regularly monitor their credit reports, account statements, and benefit statements and promptly report any suspicious or fraudulent activity to the entity with which the account is maintained and the proper law enforcement authorities, including the police and their state attorney general.
In response to this incident, Harvard Pilgrim is taking steps to implement additional data security enhancements and safeguards to better protect against similar events in the future. The company has always been committed to prioritizing the security of the data entrusted to it.
Harvard Pilgrim has established a dedicated call center for individuals to contact with questions. The call center can be reached at (888) 220-5517 (toll-free), Monday through Friday, from 9:00 a.m. to 9:00 p.m. ET, excluding U.S. holidays. Additional information is also posted on Harvard Pilgrim’s website at https://www.harvardpilgrim.org/.
This incident highlights the need for businesses to take cybersecurity seriously and implement strong security measures to protect against cyber threats. Cybersecurity incidents can cause significant damage, including reputational harm, financial losses, and legal consequences. It is crucial for businesses to have a comprehensive cybersecurity plan in place and to regularly review and update their security measures to stay ahead of evolving cyber threats.