One of New England’s largest health insurers, Point32Health, has notified its current and former customers that patient data, including medical history and diagnoses, was stolen during a ransomware attack. The incident was discovered on April 17, prompting an immediate investigation with the assistance of third-party cybersecurity experts.
Harvard Pilgrim Health Care, overseen by Point32Health, revealed that data was copied and taken from their systems between March 28 and April 17, affecting personal information of subscribers, dependents, and contracted providers.
The compromised information may include treatment dates, medical history, provider names, diagnoses, Social Security numbers, names, addresses, phone numbers, dates of birth, health insurance account details, and provider taxpayer information.
Despite no reported misuse of the stolen data, Harvard Pilgrim has started notifying potentially impacted individuals and providing additional information and resources.
Point32Health, which was formed through the merger of Harvard Pilgrim and Tufts Health Plan, serves over 2.2 million people and is the second-largest insurer in Massachusetts.
Following the attack, Harvard Pilgrim took its systems offline to contain the threat. However, the company has been facing technical issues as a result, as indicated by an ongoing alert on Massachusetts’ government website.
While Point32Health has not disclosed the exact nature of the ransomware attack or the identity of the attackers, the incident underscores the need for robust cybersecurity measures within the healthcare industry to protect sensitive patient information.