The insurers say that they experienced a data breach and customer information was compromised.
Two major health insurance companies in Massachusetts and New Hampshire are alerting their customers that they experienced a cyberattack in the form of ransomware in March and April, at which time some of their members’ personal information was compromised.
The corporate parent of the insurers has confirmed that the threat impacted customer personal data.
The corporate parent of Tufts Health Plan and Harvard Pilgrim Health Care health insurance companies, Point32Health, has announced that the threat impacted systems in April that are used for providing service to providers, brokers, accounts, and customers. Officials stated that the insurers took certain systems offline in a proactive attempt to keep the threat contained out of an “abundance of caution,” after “detecting an unauthorized party.”
“Unfortunately, the investigation identified signs that data was copied and taken from our Harvard Pilgrim systems from March 28, 2023, to April 17, 2023,” explained Point32Health in a statement released to its customers. “We want to assure you that we are taking this incident extremely seriously, and we deeply regret any inconvenience this incident may cause.”
The cybercriminals may have gained several types of personal data about the health insurance companies’ customers.
According to Harvard Pilgrim’s assessments, the files compromised in the cyberattack could contain the names, mailing addresses, phone numbers, birthdates, Social Security numbers, and/or health insurance account information of the insurer’s customers as well as provider taxpayer identification numbers and clinical information, said the statement from Point32Health.
Harvard Pilgrim also stated that it has not found any evidence of personal information misuse or of protected health information due to the cyberattack. However, it has been notifying customers who were potentially affected in order to offer them additional information and resources, said Point32Health.
The health insurance companies, which were a part of a merger that took place in January 2021, have established call centers specifically for customers who were potentially affected by the cyberattack so that they can enroll in complementary credit monitoring and identity theft protection services.
“Harvard Pilgrim continues to take steps to implement additional data security enhancements and safeguards to better protect against similar events in the future,” said the Point32Health statement.