On May 24, 2023, Harvard Pilgrim Health Care filed a notice of data breach with the U.S. Department of Health and Human Services Office for Civil Rights after learning that a recent ransomware attack resulted in over 2.5 million patients’ confidential information being leaked. Based on the company’s official filing, the incident resulted in an unauthorized party gaining access to consumers’ names, Social Security numbers, physical addresses, phone numbers, dates of birth, health insurance account information, and protected health information. After confirming that consumer data was leaked, Harvard Pilgrim began sending out data breach notification letters to all individuals who were impacted by the recent data security incident.
If you received a data breach notification from Harvard Pilgrim Health Care, it is essential you understand what is at risk and what you can do about it. As a major healthcare provider, you trusted Harvard Pilgrim to ensure the security of your personal information. However, the recent data breach raises legitimate concerns about the company’s commitment to the data security of its patients. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Harvard Pilgrim data breach, please see our recent piece on the topic here.
What We Know So Far About the Harvard Pilgrim Breach
News of the Harvard Pilgrim data breach is still fresh; however, what we know at this point comes from the company’s filing with the U.S. Department of Health and Human Services Office for Civil Rights. According to this source, on April 17, 2023, Harvard Pilgrim learned that a ransomware attack affected the IT systems that support Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride℠ plans. In response, Harvard Pilgrim launched an investigation into the incident, which is still ongoing.
However, even at this early point in the company’s investigation, Harvard Pilgrim was able to determine that an unauthorized party accessed and removed certain confidential patient information from its computer network between March 28, 2023 and April 17, 2023.
Upon discovering that sensitive consumer data was made available to an unauthorized party, Harvard Pilgrim began to review the affected files to determine what information was compromised and which consumers were impacted. While the breached information varies depending on the individual, it may include your name, Social Security number, physical address, phone numbers, date of birth, health insurance account information, and protected health information.
On May 24, 2023, Harvard Pilgrim sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.
More Information About Harvard Pilgrim Health Care
Founded in 1969, Harvard Pilgrim Health Care is a non-profit healthcare provider based in Canton, Massachusetts. Harvard Pilgrim and Tufts Health Plan are both subsidiaries of Point32Health, and together, serve upwards of 2.4 million patients in Massachusetts, Maine, Connecticut, New Hampshire, and Rhode Island. Harvard Pilgrim employs more than 4,400 people and generates approximately $622 million in annual revenue.