Harvard Pilgrim Health Care

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

In April 2023, Harvard Pilgrim Health Care, a leading not-for-profit health services company serving members in several states including Connecticut, Maine, Massachusetts, and New Hampshire, experienced a significant cybersecurity breach. This incident, identified as a ransomware attack, occurred between March 28, 2023, and April 17, 2023. The breach potentially affected a wide range of personal and protected health information belonging to current and former members, dependents, and contracted providers of Harvard Pilgrim Health Care and Health Plans Inc. The compromised data includes names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information such as medical history, diagnoses, treatment, dates of service, and provider names[1][3].

Harvard Pilgrim Health Care and its parent company, Point32Health, have taken this incident extremely seriously and have initiated steps to address the breach’s consequences. They have engaged third-party cybersecurity experts to conduct a thorough investigation and remediation of the incident. In response to the breach, Harvard Pilgrim has offered affected individuals complimentary access to two years of credit monitoring and identity theft protection services. These services include 1-bureau credit monitoring, CyberScan web monitoring to detect illegal selling or trading of personal information, up to $1 million in ID Theft Insurance, and assistance with fraud resolutions[1][3].

Following the breach, Harvard Pilgrim Health Care and Point32Health faced a class-action lawsuit for allegedly failing to secure the personal information of over 2.5 million people. The lawsuit accuses the insurer of “intentionally, willfully, recklessly, or negligently failing to take and implement adequate and reasonable measures” to protect personal health information. The breach has led to significant concerns among affected individuals regarding the potential for identity theft and fraud[5].

The incident has also prompted multiple class-action lawsuits against Harvard Pilgrim Health Care, stemming from the ransomware attack and data breach. These lawsuits highlight the ongoing challenges and confusion among provider partners and health plan members as the company works to restore full network capacity and address the breach’s implications[9].

This cybersecurity incident underscores the critical importance of robust data protection measures in the healthcare industry, where sensitive personal and health information is routinely handled. It also highlights the legal and reputational risks that organizations face when such breaches occur, emphasizing the need for continuous improvement in cybersecurity practices to protect against future incidents[1][3][5][9].

Citations:

  1. https://www.harvardpilgrim.org/public/notice-of-data-security-incident
  2. https://www.harvardpilgrim.org
  3. https://www.mass.gov/news/harvard-pilgrim-health-care-provides-statement-regarding-privacy-incident
  4. https://www.themainewire.com/2024/02/allagash-brewing-becomes-top-sponsor-of-group-that-advocates-late-term-abortion-sex-changes-for-kids/
  5. https://www.fiercehealthcare.com/payers/harvard-pilgrim-health-care-hit-class-action-lawsuit-over-data-breach
  6. https://www.accolade.com
  7. https://www.healthcareitnews.com/news/harvard-pilgrim-healthcare-sued-data-breach
  8. https://www.bidmc.org
  9. https://thehipaaetool.com/lawsuits-pile-up-against-harvard-pilgrim-health/
  10. https://www.episource.com
  11. https://www.thecrimson.com/article/2023/6/13/hphc-data-breach-lawsuit/
  12. https://www.mainebiz.biz/article/portlands-residential-market-buoyed-by-strong-demand-in-migration
  13. https://www.boston.com/news/business/2023/05/24/harvard-pilgrim-health-care-cybersecurity-breach/
  14. https://krebsonsecurity.com
  15. https://www.healthcareitnews.com/news/massachusetts-health-data-breach-involving-harvard-pilgrim-health-care-confirmed
  16. https://www.summithealth.com
Breach Submission Date May 24, 2023
Converted Entity Name Harvard Pilgrim Health Care
Converted Entity Type Health Plan
State MA
Individuals Affected 2,624,191
Breach Type Hacking/IT Incident

Breach Information Location Network Server

Business Associate Present Yes