Harvard Pilgrim Well being Care hit by ransomware assault, member knowledge could also be compromised
BOSTON — The second-largest well being insurer in Massachusetts was the sufferer of a ransomware assault during which delicate private data in addition to well being data of present and previous members might have been compromised, firm officers stated.
Point32Health stated in a press release on its web site Tuesday {that a} “cybersecurity ransomware incident” affecting its Harvard Pilgrim Well being Care program was detected April 17.
An ongoing investigation indicated that from March 28 till April 17, members’ addresses, cellphone numbers, birthdates, Social Safety numbers, medical historical past, remedy, dates of service, supplier names and different data might have been compromised.
The not-for-profit firm stated it was not conscious of any misuse of the data. It didn’t say how many individuals could be affected.
“We’re working with third-party cybersecurity specialists to conduct an intensive investigation into this incident and remediate the state of affairs,” the assertion stated, including that Harvard Pilgrim is taking steps to bolster its cybersecurity.
Firm spokesperson Kathleen Makela stated Wednesday through e-mail that the corporate can be notifying folks whose data might have been concerned.
The corporate additionally contacted the FBI. An FBI spokesperson stated the company had no remark.
Harvard Pilgrim Well being Care supplies providers to greater than 1.1 million members in Massachusetts, New Hampshire, Maine and Connecticut, in keeping with the corporate web site.
Ransomware assaults contain hackers locking up a pc community and demanding cash to unlock it. Point32Health didn’t say whether or not it has paid a ransom.
Legislation enforcement companies, faculty methods, vitality infrastructure and well being methods have been victims of such assaults lately.
The Harvard Pilgrim breach affected methods used to service members, brokers and suppliers, and a few capabilities remained down.
Plenty of these methods had been anticipated to be restored within the coming weeks, in keeping with Makela.
“We’re at the moment going via the interior IT and enterprise validations. As soon as this course of is full, alongside our thorough safety screenings, a few of our processes will change into out there in a phased trend,” she wrote.
The insurer stated it has been capable of proceed making certain its members have entry to care.
Different Point32Health firms reminiscent of Tufts Well being Plan and CarePartners of Connecticut weren’t affected.
