After suffering a cyber attack last month, Point32Health notified its members on Tuesday afternoon that some personal data was stolen from members and providers of Harvard Pilgrim Health Care systems between March 28 and April 17.
Point32Health, the parent company of mega Massachusetts health insurer Harvard Pilgrim, said that the company is taking the issue “extremely seriously and deeply regrets any inconvenience this incident may cause.”
The Canton-based company was hit by a cybersecurity ransomware attack back in March which impacted its computer system hardware. Now they say their investigation has revealed that the files stolen were reported to contain personal information or protected health information for current and former subscribers and dependents, and current contracted providers, according to the company.
The following information could be at risk: names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information, including medical history, diagnoses, treatment, dates of service, and provider names.
“At this point, Harvard Pilgrim is not aware of any misuse of personal information and protected health information as a result of this incident, but nonetheless has begun notifying potentially affected individuals to provide them with more information and resources,” the company said in a statement.
The company sent out steps for people to protect themselves against fraud or identity theft. Harvard Pilgrim is also offering complimentary identity protection and access to two years of credit monitoring services for potentially affected individuals.
Angela Castaneda, a Harvard Pilgrim customer from Jamaica Plain, says it’s been nearly impossible dealing with the company over the last few weeks because of their computer systems being hit, and now the situation is even worse as her personal information may have been stolen by cyber thieves.
U.S. & World
“It didn’t surprise me because I’ve been having some issues with them since the whole system went down,” she said. "I’m very worried. They have all that stuff, medical problems, all that information.”
A cybersecurity expert in Boston says "This is one of those breaches you should be worried about.”
“The company itself is a victim of a crime, they have had a data breach, whether or not they did enough to protect it we don’t know yet,” said Rob Siciliano, CEO of Protect Now.
While the company says it’s not aware of any misuse of the stolen information at this time, Castaneda says that's not much comfort.
"This is a major company,” she said. “They’ve been around for many years. For this to go on as long as it has and only report this now, I honestly expect more from them.”
The company isn’t saying how many people may have been impacted.