Major Mass. health insurance company victim of cybersecurity attack

PROVIDENCE – A major Massachusetts health insurance company warned its members Wednesday that their personal data may have been breached during a cybersecurity attack on April 17, multiple Boston news outlets reported. 

Point32Health Services Inc., the corporate parent of Harvard Pilgrim Health Care and Tufts Health Plan, said in a memo that the attack affected the systems it uses to service members, account brokers and providers. 

The company said it proactively took certain systems offline to contain the threat out of an “abundance of caution” after “detecting an unauthorized party,” company officials said.

“We have notified law enforcement and regulators and are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation,” Point32Health said in a statement to WFXT-TV FOX 25. “Our top priority is to ensure our members continue to have access to care.” 

- Advertisement -

Point32Health said the issue is affecting members covered under Harvard Pilgrim Health Care’s commercial plans and New Hampshire Medicare plans. It does not impact Tufts Health Plan products. 

It was unclear what sensitive information was exposed during the breach. Point32Health said it will notify customers if any of their personal data was breached during the attack. 

“Our top priority is to ensure our members continue to have access to care,” Point32Health said in its statement to WFXT-TV. “While we work diligently to restore the impacted systems as quickly and as safely as possible, our team is working around the clock to provide workarounds for members to receive the services they need.”