Point32Health, the parent company of Harvard Pilgrim Health Care and other insurance plans, announced that data was copied and taken from the healthcare payer’s systems during a cyber breach that occurred between March 28 and April 17.
WHY IT MATTERS
HPHC, which has members in Massachusetts, New Hampshire, Maine and Connecticut, determined that the copied data may contain personally identifiable information and/or protected health information belonging to current and former subscribers and dependents, as well as contracted vendors.
The stolen data includes names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers and clinical information, according to an announcement this week.
HPHC noted in the statement that the PHI could include medical history, diagnoses, treatment, dates of service and provider names.
The health insurer said it has contracted with Beaverton, Oregon-based IDX, a breach response firm, to field calls from concerned HPHC members and former members to determine whether their information may have been affected, and then enroll affected individuals for two years of identity theft monitoring and up to $1 million in theft recovery.
The day after it confirmed that personal data had been exfiltrated, HPHC also posted a systems update about security updates to its website.
HPHC says it is implementing endpoint security to improve cyber threat response, enhancing vulnerability scanning, and identifying and prioritizing IT security enhancements.
THE LARGER TREND
After first discovering the unauthorized access, Point32Health said it quickly took HPHC systems offline to contain the ransomware threat, but some damage had already been done.
Initially, disruptions to care were being reported, because providers and pharmacies might be concerned about a member’s covered services and medications, and the insurer was in the midst of state employee open enrollment.
HPHC waived prior authorization requirements, with some exceptions, like solid organ transplants, and its website provided FAQs that noted impacts to operations, including electronic payments.
The insurer said it was working with OptumRx on approving prescriptions for new member enrollments that were in process when systems went down.
HPHC filed with the state of Maine that 75,534 of its residents who had health coverage as of December 2022 had been affected by the breach.
As far as service disruptions, HPHC told the Portland Press Herald by email on May 24 that it is still working to restore its systems.
The company is still going through internal IT and business validations, according to the story.
“When this procedure is comprehensive, along with our extensive safety screenings, some of our procedures will grow to be obtainable in a phased vogue,” Kathleen Makela, the firm spokesperson, said.
ON THE RECORD
“At this point, Harvard Pilgrim is not conscious of any misuse of own information and facts and shielded well being details as a result of this incident, but even so has begun notifying potentially influenced people today to provide them with extra info and assets.”
Andrea Fox is senior editor of Healthcare IT News.
Healthcare IT News is a HIMSS Media publication.