System update for members
Last updated May 30, 2023
On April 17, Point32Health identified a cybersecurity ransomware incident that impacted systems we use to service members, accounts, brokers and providers. This is impacting systems that support Harvard Pilgrim Health Care commercial and Medicare Advantage Stride℠ plans (HMO)/(HMO-POS). Currently Tufts Health Plan, Tufts Medicare Preferred, Tufts Health Public Plans and CarePartners of Connecticut systems remain accessible.
After detecting the unauthorized party, we proactively took our Harvard Pilgrim Health Care systems offline to contain the threat. We have notified law enforcement and regulators and are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation. While we work diligently to restore affected systems as quickly and as safely as possible, our team is working around the clock so that Harvard Pilgrim Health Care (HPHC) members receive the services they need.
Point32Health has communicated to our provider partners that they should continue providing care to HPHC members during this ongoing incident and services will be covered. Providers, if you have any questions, please contact the Provider Service Center by email at email@example.com.
Members, if you have any questions or are being denied care, please call the number on the back of your HPHC member ID card for assistance.
To date, we have taken several steps to further enhance the security of our organization and the data entrusted to us. We are:
- Reviewing and enhancing user access protocols;
- Enhancing vulnerability scanning and identifying prioritized IT Security improvements;
- Implementing a new sustainable Endpoint Detection and Response (EDR) security solution to detect and respond to cyber threats; and
- Conducting password resets for administrative accounts.
Our primary focus during recovery is to make sure members and our customers receive the care and services they need as quickly and as safely as possible. With this in mind, our system recovery efforts are focused on priority areas of the business, such as eligibility and enrollment; continuity of care, utilization management, and prior authorizations; provider payments; claims processing for medical and behavioral health; sales and renewals; and the remainder of business functions.
We take the privacy and security of the data entrusted to us seriously. Unfortunately, the investigation identified signs that data was copied and taken from our Harvard Pilgrim Health Care (“Harvard Pilgrim”) systems between March 28, 2023, and April 17, 2023. We determined that the files at issue may contain personal information and/or protected health information for current and former subscribers and dependents, and current contracted providers. Harvard Pilgrim has now begun the process of notifying individuals whose information may potentially have been involved in the incident. Additionally, while we are not aware of any misuse of personal information and protected health information as a result of the incident, out of an abundance of caution, Harvard Pilgrim is offering complimentary access to two (2) years of credit monitoring and identity theft protection services through IDX to potentially impacted individuals. We also recommend that individuals remain vigilant, monitor, and review their financial and account statements and explanations of benefits, and report any unusual activity to the institution that issued the record and to law enforcement.
For more information, please refer to the Notice of Data Security Incident on the Harvard Pilgrim Health Care website.
Resources for Harvard Pilgrim Health Care Medicare Advantage StrideSM (HMO)/(HMO/POS) members