Massachusetts’ second-largest health insurer, Point32Health, fell victim to a ransomware attack, potentially compromising sensitive personal and health information of current and former members. The incident, affecting its Harvard Pilgrim Health Care program, was detected on April 17, with the compromised data including addresses, phone numbers, birthdates, Social Security numbers, medical history, treatment details, dates of service, provider names, and more.
Although there have been no reports of information misuse, the company is conducting a thorough investigation with the assistance of cybersecurity experts and has notified affected individuals. Harvard Pilgrim Health Care is taking steps to enhance its cybersecurity measures. The incident has been reported to the FBI, but no further details have been provided. Point32Health did not disclose whether a ransom was paid. The breach impacted systems used by members, brokers, and providers, but some functions are expected to be restored in the coming weeks. Other Point32Health entities, such as Tufts Health Plan and CarePartners of Connecticut, were unaffected.