Ransomware Attack on Harvard Pilgrim Health Care Affects 2.5 Million

Written by Gabby Lee

June 2, 2023

Ransomware Attack on Harvard Pilgrim Health Care Affects 2.5 Million

Harvard Pilgrim Health Care (HPHC) has revealed that a ransomware attack in April 2023 affected approximately 2,550,922 individuals, with the attackers also extracting sensitive data from compromised systems.

The non-profit healthcare provider, headquartered in Massachusetts, reported the incident to the U.S. Department of Health and Human Services breach portal, as it impacts nearly all of its members.

Last week, HPHC issued a notification stating that the ransomware actors maintained unauthorized access to their systems from March 28 to April 17, 2023, until the breach was detected.

The breach has had consequences for the Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride systems, affecting coverage.

The compromised data consists of various sensitive details, including:

  • Complete names
  • Residential addresses
  • Telephone numbers
  • Birth dates
  • Health insurance account details
  • Social Security numbers
  • Provider taxpayer-identification numbers
  • Clinical information encompassing medical records, diagnoses, treatments, service dates, and provider identities.

The scope of the incident extends to both present and past Harvard Pilgrim members who registered on or after March 28, 2012, as confirmed by the organization.

The exposed information is highly sensitive and poses a risk of phishing and social engineering attempts against the affected individuals. HPHC assures that no instances of data misuse have been identified.

To protect those affected, HPHC offers credit monitoring and identity theft protection services as preventative measures.

It is crucial to understand that ransomware organizations frequently leverage stolen data as leverage to coerce victims into meeting their ransom demands. In cases where victims resist payment, attackers might opt to sell the data to other cybercriminals or make it public.

Currently, no specific ransomware group has taken credit for the HPHC attack.

For current or former members of HPHC, it is highly recommended to exercise caution when receiving unsolicited messages and to remain vigilant.

Related Articles

TransUnion Hacked by the Threat Actor ‘USDoD’

TransUnion Hacked by the Threat Actor ‘USDoD’

In a recent cybersecurity development, TransUnion, a prominent credit reporting agency, appears to be grappling with a potential data breach incident. A hacker, operating under the alias "USDoD," has allegedly compromised the personal information of 58,505 customers...

Stay Up to Date With The Latest News & Updates

Join Our Newsletter


Subscribe To Our Newsletter

Sign up to our weekly newsletter summarizing everything thats happened in data security, storage, and backup and disaster recovery

You have Successfully Subscribed!