- Group Insurance Commission
On April 17, 2023, Point32Health, the parent organization of Harvard Pilgrim Health Care (“Harvard Pilgrim”) and Tufts Health Plan, identified a cybersecurity ransomware incident on its computer systems and is working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation.
Unfortunately, the investigation identified signs that data was copied and taken from Harvard Pilgrim systems between March 28, 2023, and April 17, 2023. Harvard Pilgrim is taking this incident extremely seriously and deeply regrets any inconvenience this incident may cause.
Harvard Pilgrim determined that the files at issue may contain personal information and/or protected health information belonging to current and former subscribers and dependents, and current contracted providers. The investigation revealed that the following information could potentially be in the files at issue: names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information (e.g., medical history, diagnoses, treatment, dates of service, and provider names). At this point, Harvard Pilgrim is not aware of any misuse of personal information and protected health information as a result of this incident, but nonetheless has begun notifying potentially affected individuals to provide them with more information and resources.
The notice includes information on steps individuals can take to protect themselves against potential fraud or identity theft. Harvard Pilgrim is also offering complimentary identity protection and access to two (2) years of credit monitoring services for potentially affected individuals. Harvard Pilgrim recommends that individuals regularly monitor their credit reports, account statements and benefit statements and promptly report any suspicious or fraudulent activity to the entity with which the account is maintained and the proper law enforcement authorities, including the police and their state attorney general.
In response to this incident, Harvard Pilgrim is taking steps to implement additional data security enhancements and safeguards to better protect against similar events in the future. Harvard Pilgrim is, and has always been, committed to prioritizing the security of the data entrusted to it.
Harvard Pilgrim has established a dedicated call center for individuals to contact with questions. The call center can be reached at (888) 220-5517 (toll free), Monday through Friday from 9:00 a.m. to 9:00 p.m. ET, excluding U.S. holidays. Additional information is also posted on Harvard Pilgrim’s website at https://www.harvardpilgrim.org/.
If members have any questions about other issues unrelated to this ransomware incident or are being denied care, please call the number on the back of your Harvard Pilgrim member ID card for assistance.
