Massachusetts well being information breach involving Harvard Pilgrim Well being Care confirmed

Point32Health, the mum or dad group of Harvard Pilgrim Well being Care and different insurance coverage, announced that information was copied and brought from the healthcare payer’s programs throughout a cyber breach that occurred between March 28 and April 17.

WHY IT MATTERS

HPHC, which has members in Massachusetts, New Hampshire, Maine and Connecticut, decided that the copied recordsdata might comprise personally identifiable data and/or protected well being data belonging to present and former subscribers and dependents, in addition to contracted suppliers.

The stolen information contains names, bodily addresses, cellphone numbers, dates of start, medical health insurance account data, Social Safety numbers, supplier taxpayer identification numbers and scientific data, in response to an announcement this week.

HPHC famous within the assertion that the PHI might embody medical historical past, diagnoses, therapy, dates of service and supplier names.

The well being insurer mentioned it has contracted with Beaverton, Oregon-based IDX, a breach response firm, to area calls from involved HPHC members and former members to find out if their information might have been affected after which enroll affected people for 2 years of id theft monitoring and as much as $1 million in theft restoration.

The day after it confirmed that affected person information had been exfiltrated, HPHC additionally posted a systems update about safety updates to its web site.

HPHC says it’s implementing endpoint security to enhance cyber menace response, enhancing vulnerability scanning and figuring out and prioritizing IT Safety enhancements.

THE LARGER TREND

After first discovering the unauthorized accessPoint32Health mentioned it shortly took HPHC programs offline to comprise the ransomware menace, however some harm had already been completed.

Initially, disruptions to care had been being reported as suppliers and pharmacies could also be involved a couple of member’s coated providers and medicines and the insurer was within the midst of state worker open enrollment.

HPHC waived prior authorization necessities with some exceptions, like stable organ transplants, and its web site supplied FAQs that famous impacts to operations together with digital funds.

The insurer mentioned it was working with OptumRx on approving prescriptions for brand new member enrollments that had been in course of when programs went down.

HPHC filed with the state of Maine that 75,534 of its residents that had well being protection as of December 2022 had been affected by the breach.

So far as service disruptions, HPHC informed the Portland Press Herald by e mail on Could 24 that it’s nonetheless working to revive its programs.

The corporate remains to be going by way of inside IT and enterprise validations, in response to the story.

“As soon as this course of is full, alongside our thorough safety screenings, a few of our processes will develop into obtainable in a phased trend,” Kathleen Makela, the corporate spokesperson, mentioned.

ON THE RECORD

“At this level, Harvard Pilgrim is just not conscious of any misuse of private data and guarded well being data on account of this incident, however nonetheless has begun notifying probably affected people to offer them with extra data and assets.”

Andrea Fox is senior editor of Healthcare IT Information.
Electronic mail: [email protected]
Healthcare IT Information is a HIMSS Media publication.