Harvard Pilgrim Health Care (HPHC) has revealed that a ransomware attack in April 2023 affected approximately 2,550,922 individuals, with the attackers also extracting sensitive data from compromised systems.
The non-profit healthcare provider, headquartered in Massachusetts, reported the incident to the U.S. Department of Health and Human Services breach portal, as it impacts nearly all of its members.
Last week, HPHC issued a notification stating that the ransomware actors maintained unauthorized access to their systems from March 28 to April 17, 2023, until the breach was detected.
The breach has had consequences for the Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride systems, affecting coverage.
The compromised data consists of various sensitive details, including:
- Complete names
- Residential addresses
- Telephone numbers
- Birth dates
- Health insurance account details
- Social Security numbers
- Provider taxpayer-identification numbers
- Clinical information encompassing medical records, diagnoses, treatments, service dates, and provider identities.
The scope of the incident extends to both present and past Harvard Pilgrim members who registered on or after March 28, 2012, as confirmed by the organization.
The exposed information is highly sensitive and poses a risk of phishing and social engineering attempts against the affected individuals. HPHC assures that no instances of data misuse have been identified.
To protect those affected, HPHC offers credit monitoring and identity theft protection services as preventative measures.
It is crucial to understand that ransomware organizations frequently leverage stolen data as leverage to coerce victims into meeting their ransom demands. In cases where victims resist payment, attackers might opt to sell the data to other cybercriminals or make it public.
Currently, no specific ransomware group has taken credit for the HPHC attack.
For current or former members of HPHC, it is highly recommended to exercise caution when receiving unsolicited messages and to remain vigilant.