Point32Health, the parent company of Harvard Pilgrim Health Care and Tufts Health Plan, has reported a ransomware attack on its Harvard Pilgrim commercial and Medicare Advantage systems.
The Boston Globe reported May 23 that the incident has left the payer unable to process claims or prior authorization requests for more than a month. GBH News, the local PBS station, reported May 18 that some members have been unable to use their health benefits entirely and were told by providers their coverage had been terminated.
The incident involved data that was copied and taken between March 28 and April 17, and it is unclear how many individuals have been affected. Harvard Pilgrim said in a May 23 news release that the files at issue may contain information about current and former members and their dependents, along with current contracted providers. Specifically, the information may include names, addresses, phone numbers, birthdays, health insurance account information, Social Security numbers, provider taxpayer identification numbers and clinical information.
"At this point, Harvard Pilgrim is not aware of any misuse of personal information and protected health information as a result of this incident but nonetheless has begun notifying potentially affected individuals to provide them with more information and resources," the company said.
The Globe reported that Harvard Pilgrim has implemented an interim payment process for providers and waived prior authorization requests for affected plans.
Harvard Pilgrim said it is offering complimentary identity protection and two years of credit monitoring services, along with implementing additional data security measures to prevent similar events. Tufts Health Plan and CarePartners of Connecticut systems remain accessible.