Mass. health insurance company admits personal data stolen in cyberattack

PROVIDENCE – A major Massachusetts health insurance company notified both its members and providers that some personal data was stolen during a cybersecurity attack between March 28 and April 17, WBTS-TV NBC 10 in Boston reported Tuesday. 

Point32Health Services Inc. said in a statement that the attack affected the systems it uses to service members, account brokers and providers for Harvard Pilgrim Health Care. Sensitive information that was stolen and could be at risk included health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information, including medical history, diagnoses, treatment dates of service and provider names, according to the report. 

Understanding Robotic-Assisted Surgery: Insights from the Experts

Advances in robotics are transforming our world, and healthcare is no exception. Robotic-assisted surgery is…

Learn More

The company said in a statement that it is taking the matter “extremely seriously and deeply regrets any inconvenience this incident may cause.”

Point32Health, corporate parent of Harvard Pilgrim Health Care and Tufts Health Plan, which provides health coverage in Rhode Island, said on April 18 that the issue affected members covered under Harvard Pilgrim Health Care’s commercial plans and New Hampshire Medicare plans but that Tufts Health Plan products were not impacted. 

- Advertisement -

On April 18, Point32Health officials said the company proactively took certain systems offline to contain the threat out of an “abundance of caution” after “detecting an unauthorized party.” 

Harvard Pilgrim is offering complimentary identity protection and access to two years of credit monitoring services for those who were affected by the breach.