Health insurer says patients’ information was stolen in ransomware attack
One of New England’s largest health insurers notified current and former customers Tuesday that data including patient medical history and diagnoses was copied and taken during a ransomware attack.
Point32Health — which oversees Harvard Pilgrim Health Care and Tufts Health Plan — said it first discovered the incident on April 17 and launched an investigation with third-party cybersecurity experts soon after.
“Unfortunately, the investigation identified signs that data was copied and taken from Harvard Pilgrim systems between March 28, 2023, and April 17, 2023,” the company said in a statement Tuesday. Tufts Health Plan was not impacted by the incident.
Harvard Pilgrim said the files involved may contain personal data and protected health information on current and former subscribers and dependents, as well as current contracted providers. The nonprofit serves more than 1.1 million members who primarily reside in Massachusetts, New Hampshire, Maine and Connecticut.
The information involved may include clinical information such as treatment dates, medical history, provider names, and diagnoses, as well as Social Security numbers, names, physical addresses, phone numbers, dates of birth, health insurance account information and provider taxpayer information, the company said.
“At this point, Harvard Pilgrim is not aware of any misuse of personal information and protected health information as a result of this incident, but nonetheless has begun notifying potentially affected individuals to provide them with more information and resources,” the company said.
Point32Health, which formed in 2021 when Harvard Pilgrim and Tufts Health Plan merged, serves more than 2.2 million people overall. The company is the second-largest insurer in Massachusetts, and the state’s previous governor, Charlie Baker, was chief executive of Harvard Pilgrim Health Care for a decade.
The company said last month that it took Harvard Pilgrim's systems offline "to contain the threat," and it has been experiencing technical issues, according to an ongoing alert from Massachusetts’ government website.
Adam Janofsky is the founding editor-in-chief of The Record by Recorded Future. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.