Harvard Pilgrim Health Care
Your Personal Info Could Be
Exposed Online After
This Hospital Breach
Breach Description
In April 2023, Harvard Pilgrim Health Care, a leading not-for-profit health services company serving members in several states including Connecticut, Maine, Massachusetts, and New Hampshire, experienced a significant cybersecurity breach. This incident, identified as a ransomware attack, occurred between March 28, 2023, and April 17, 2023. The breach potentially affected a wide range of personal and protected health information belonging to current and former members, dependents, and contracted providers of Harvard Pilgrim Health Care and Health Plans Inc. The compromised data includes names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information such as medical history, diagnoses, treatment, dates of service, and provider names[1][3].
Harvard Pilgrim Health Care and its parent company, Point32Health, have taken this incident extremely seriously and have initiated steps to address the breach’s consequences. They have engaged third-party cybersecurity experts to conduct a thorough investigation and remediation of the incident. In response to the breach, Harvard Pilgrim has offered affected individuals complimentary access to two years of credit monitoring and identity theft protection services. These services include 1-bureau credit monitoring, CyberScan web monitoring to detect illegal selling or trading of personal information, up to $1 million in ID Theft Insurance, and assistance with fraud resolutions[1][3].
Following the breach, Harvard Pilgrim Health Care and Point32Health faced a class-action lawsuit for allegedly failing to secure the personal information of over 2.5 million people. The lawsuit accuses the insurer of “intentionally, willfully, recklessly, or negligently failing to take and implement adequate and reasonable measures” to protect personal health information. The breach has led to significant concerns among affected individuals regarding the potential for identity theft and fraud[5].
The incident has also prompted multiple class-action lawsuits against Harvard Pilgrim Health Care, stemming from the ransomware attack and data breach. These lawsuits highlight the ongoing challenges and confusion among provider partners and health plan members as the company works to restore full network capacity and address the breach’s implications[9].
This cybersecurity incident underscores the critical importance of robust data protection measures in the healthcare industry, where sensitive personal and health information is routinely handled. It also highlights the legal and reputational risks that organizations face when such breaches occur, emphasizing the need for continuous improvement in cybersecurity practices to protect against future incidents[1][3][5][9].
Citations:
- https://www.harvardpilgrim.org/public/notice-of-data-security-incident
- https://www.harvardpilgrim.org
- https://www.mass.gov/news/harvard-pilgrim-health-care-provides-statement-regarding-privacy-incident
- https://www.themainewire.com/2024/02/allagash-brewing-becomes-top-sponsor-of-group-that-advocates-late-term-abortion-sex-changes-for-kids/
- https://www.fiercehealthcare.com/payers/harvard-pilgrim-health-care-hit-class-action-lawsuit-over-data-breach
- https://www.accolade.com
- https://www.healthcareitnews.com/news/harvard-pilgrim-healthcare-sued-data-breach
- https://www.bidmc.org
- https://thehipaaetool.com/lawsuits-pile-up-against-harvard-pilgrim-health/
- https://www.episource.com
- https://www.thecrimson.com/article/2023/6/13/hphc-data-breach-lawsuit/
- https://www.mainebiz.biz/article/portlands-residential-market-buoyed-by-strong-demand-in-migration
- https://www.boston.com/news/business/2023/05/24/harvard-pilgrim-health-care-cybersecurity-breach/
- https://krebsonsecurity.com
- https://www.healthcareitnews.com/news/massachusetts-health-data-breach-involving-harvard-pilgrim-health-care-confirmed
- https://www.summithealth.com