Point32Health, the parent company of Tufts Health Plan and Harvard Pilgrim Health Care, is still dealing with a ransomware attack it first reported on April 17. The company has now disclosed that patient information may have been stolen.
The Massachusetts-based health insurer said the cyber attack has affected systems it uses to service members, accounts, brokers and providers. in support of its Harvard Pilgrim Health Care commercial and Medicare Advantage Stride plans.
Currently Tufts Health Plan, Tufts Medicare Preferred, Tufts Health Public Plans and CarePartners of Connecticut systems remain unaffected and accessible.
Point32Health has been notifying subscribers that their information may have been compromised. The stolen data may include personal information and potentially protected health information belonging to current and former subscribers and dependents, as well as current providers, including names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, and provider taxpayer identification numbers.
Clinical information, such as medical history, diagnoses, treatment, dates of service, and provider names, may also have been compromised, the company said.
The company said it is not aware of any misuse of personal information and protected health information as a result of the incident. Harvard Pilgrim is offering complimentary access to two years of credit monitoring and identity theft protection services through IDX.
The company has notified law enforcement and regulators and said it is working with third-party cybersecurity experts to investigate and remediate the situation. It has also taken steps to strengthen the cyber security of its organization and data.
The non-profit health services company based in Canton, Massachusetts serves the New England states. It is the second largest health insurers in Massachusetts.
Interested in Carriers?
Get automatic alerts for this topic.