Apr 8, 2024

2.8 Million Impacted in Massachusetts Health Insurer Data Breach

2.8 Million Impacted in Massachusetts Health Insurer Data Breach

In a data breach that occurred in 2023, nearly a year later, a recent refiling has updated the number of those affected by the breach to include an additional 300,000 individuals. On April 17, 2023, Point32Health’s Harvard Pilgrim Health Care brand (Harvard Pilgrim), a health insurance company based in Massachusetts, discovered it was the victim of a cybersecurity ransomware attack. The cyber attack impacted the systems it used to service its members, accounts, brokers, and providers, including systems serving Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride plans.

According to an internal investigation, certain signs identified that the data was copied and taken from Harvard Pilgrim systems from March 28, 2023, to April 17, 2023. The initial investigation also determined the files copied contained the personal information of over 2.55 million individuals. In a notice to the potentially affected individuals, Harvard Pilgrim claims once it detected the unauthorized party, it took down its systems to contain the threat, notified law enforcement, and began working with third-party cybersecurity experts to conduct a thorough investigation. 

In response to the attack, the health insurance company implemented additional “cybersecurity safeguards” to its existing infrastructure to reduce the likelihood of this type of event occurring again. Then, in May 2023, Point32Health began notifying the impacted individuals and informed the US Department of Health and Human Services of the breach. However, in a recent update, the company filed a refreshed data breach notice with the Maine Attorney General’s Office, updating the number of affected individuals to more than 2.86 million.


More Than 2.8 Million Social Security Numbers Were Potentially Exposed

According to the updated breach notice, roughly 2,860,795 individuals had the following information accessed during the 2023 breach.

  • Names
  • Addresses
  • Birth dates
  • Phone numbers
  • Social Security numbers
  • Health insurance account information
  • Financial account information
  • Medical history
  • Diagnoses
  • Treatment information

In order to help protect those affected by the breach, Harvard Pilgrim is providing victims two years of complimentary credit monitoring and identity protection services through IDX. Those who received a notice in the mail will find the instructions on how to enroll in the complimentary services. In a recent update posted to the company’s website, it claimed that there was currently no threat to its Point32Health systems, and they are continuing to conduct all business operations, including “processing claims, referrals, notifications, and authorization requests.”


How You Can Stay Protected After a Data Breach

While the insurance company has offered those affected by the breach complimentary credit monitoring services, it also advises victims to remain vigilant and monitor all of their financial and account statements. In the event that your personal information is accessed due to a data breach, it is important you stay on top of your data to ensure no fraudulent activity is taking place. However, you may be wondering where to start when it comes to monitoring your personal accounts for any potential fraudulent activity.

You can use certain credit unions like Equifax, Experian, and Transunion, which offer free yearly credit checks to monitor your credit. For more frequent credit monitoring, companies like Credit Karma offer customers free daily access to their credit reports, suspicious activity alerts, and other financial protective services. Should you discover any fraudulent activity on your accounts, contact the Federal Trade Commission, your state's Attorney General's office, or law enforcement to report the incident.

Under the Fair Credit Reporting Act, victims of fraud have the right to be informed if the information in their credit file has been used against them. You can learn more about data breaches and how you can protect your personal information by heading to the FTC's website at www.identitytheft.gov. Victims can also speak to a data breach attorney to learn more about what options they have after their information has been compromised due to a data breach. 

If you believe your information was accessed during the Point32Health data breach, do not wait to contact an attorney. Working with a data breach attorney can help you better understand your legal options and significantly increase your odds of recovering compensation for the damages you may have suffered. For more information on how a data breach attorney may be able to help your case, contact a Morgan & Morgan attorney today by completing our free, no-obligation case evaluation form.

Point32Health was established in 2021 through the merger of Harvard Pilgrim and Tufts Health Plan, making it the second-largest insurer in Massachusetts. Point32Health also serves individuals in Connecticut, Maine, and New Hampshire and reported an annual revenue of $9.4 Billion in 2023.