Connect with us

Hi, what are you looking for?


Data Breaches

Major Massachusetts Health Insurer Hit by Ransomware Attack, Member Data May Be Compromised

The second-largest health insurer in Massachusetts was the victim of a ransomware attack in which sensitive personal information as well as health information of current and past members may have been compromised.

The second-largest health insurer in Massachusetts was the victim of a ransomware attack in which sensitive personal information as well as health information of current and past members may have been compromised, company officials said.

Point32Health said in a statement on its website Tuesday that a “cybersecurity ransomware incident” affecting its Harvard Pilgrim Health Care program was detected April 17.

An ongoing investigation indicated that from March 28 until April 17, members’ addresses, phone numbers, birthdates, Social Security numbers, medical history, treatment, dates of service, provider names and other information may have been compromised.

The not-for-profit company said it was not aware of any misuse of the information. It did not say how many people might be affected.

“We are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation,” the statement said, adding that Harvard Pilgrim is taking steps to bolster its cybersecurity.

The company also contacted the FBI. An FBI spokesperson said the agency had no comment.

Harvard Pilgrim Health Care provides services to more than 1.1 million members in Massachusetts, New Hampshire, Maine and Connecticut, according to the company website.

Advertisement. Scroll to continue reading.

Ransomware attacks involve hackers locking up a computer network and demanding money to unlock it. Point32Health did not say whether it has paid a ransom.

Law enforcement agencies, school systems, energy infrastructure and health systems have been victims of such attacks in recent years.

The Harvard Pilgrim breach affected systems used to service members, brokers and providers, and some functions remained down.

A number of those systems were expected to be restored in the coming weeks, according to Makela.

“We are currently going through the internal IT and business validations. Once this process is complete, alongside our thorough security screenings, some of our processes will become available in a phased fashion,” she wrote.

The insurer said it has been able to continue ensuring its members have access to care.

Other Point32Health companies such as Tufts Health Plan and CarePartners of Connecticut were not affected.

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Data Breaches

A group of hackers has leaked Atlassian employee records and floorplans, information that was obtained from third-party workplace platform Envoy.

Data Breaches

AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor.


Instant Checkmate and TruthFinder have disclosed data breaches affecting a total of more than 20 million users.

Data Breaches

Health services company Independent Living Systems has disclosed a data breach that impacts more than 4 million individuals.