Point32Health Ransomware Incident Update: Provider Impact

This notice serves to provide you with an update on our ransomware incident that took place on April 17.  We are continuing our active investigation and conducting extensive system reviews and analysis before we can resume our normal business operations. Unfortunately, the investigation identified signs that data was copied and taken from our Harvard Pilgrim Health Care (“Harvard Pilgrim”) systems between March 28, 2023, and April 17, 2023. We determined that the files at issue may contain personal information and/or protected health information for current and former subscribers and dependents and current contracted providers.

We want to assure you that we take the privacy and security of the data entrusted to us very seriously, and we deeply regret any inconvenience this incident may cause.

What Happened

On April 17, Harvard Pilgrim discovered a cybersecurity ransomware incident that impacted systems that support Harvard Pilgrim Health Care (HPHC) Commercial and Medicare Advantage StrideSM plans (HMO)/(HMO-POS). We are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation.

What Information Was Involved

The personal information in the files at issue may include your name, Social Security number, and taxpayer identification number. We are not aware of any misuse of your personal information or protected health information as a result of this incident.

What We Are Doing

As explained above, we took immediate steps to secure our systems and engaged third-party forensic experts to assist in the investigation. Further, in response to this incident, we implemented and/or are continuing to implement additional cybersecurity safeguard to our existing robust infrastructure to better minimize the likelihood of this type of event occurring again.

Additionally, we are providing you with the opportunity to register for two (2) years of complimentary credit monitoring and identity protection services through IDX. Although we are making these services available to you, we are unable to enroll you directly. For enrollment instructions, please review the information below, Steps You Can Take to Protect Personal Information.

What You Can Do

We recommend that you remain vigilant, monitor and review all of your financial and account statement, and report any unusual activity to the institution that issued the record and to law enforcement. You may also review the guidance contained in Steps You Can Take to Protect Personal Information.

For More Information

The security of your protected health information is a top priority for us. We sincerely regret this incident occurred and for any concern it may cause you. We understand that you may have additional questions. For assistance with questions regarding this incident, please call our dedicated call center, IDX, at (888) 220-5517. Representatives are available between the hours of 9:00 am to 9:00 pm Eastern time, Monday through Friday (excluding U.S. holidays).

In addition to this notification about your data, we want to make you aware that we are notifying current and former subscribers and dependents whose information may have been potentially impacted.

Steps you can take to protect your personal information