Point32Health, the parent organization of Harvard Pilgrim Health Care and other insurance plans, announced that data was copied and taken from healthcare payer systems in a cyber breach that occurred from March 28 to April 17.
WHY IT IMPORTANT
The HPHC, which has members in Massachusetts, New Hampshire, Maine and Connecticut, has determined that the files copied may contain personally identifiable information and/or protected health information of registrants and current and former dependents, as well as contracted providers.
Stolen data included names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information. , according to an announcement this week.
HPHC notes in the statement that PHI may include medical history, diagnosis, treatment, date of service, and provider name.
The health insurer said it contracted with Beaverton, Oregon-based IDX, a breach response company, to make calls from concerned HPHC members and former members. to determine if their data could have been affected and then enroll affected individuals for two years of surveillance identity theft and theft recovery of up to $1 million.
A day after confirming that patient data had been stolen, HPHC also posted a system update of security updates to its website.
HPHC says it is rolling out endpoint security to improve cyber threat response, enhance vulnerability scanning, and identify and prioritize IT Security improvements.
TREND TO BIGGER WOMAN
After first detecting unauthorized access, Point32Health said it quickly disconnected HPHC systems to stop the ransomware threat, but some damage was done.
Disruption of care was initially reported because providers and pharmacies may have concerns about members’ covered drugs and services, and the insurance company is open for enrollment. state employees.
HPHC has waived prior authorization requirements with some exceptions, such as solid organ transplants, and the HPHC website provides FAQs documenting impacts on operations. including electronic payments.
The insurer said it was working with OptumRx on approving new membership prescriptions that were being processed when the system was down.
The HPHC filed with the state of Maine that 75,534 residents of the state with health insurance as of December 2022 were affected by the breach.
For service interruptions, HPHC tells Portland Press via email on May 24 that it is still working to restore its system.
According to the story, the company is still going through the internal IT and enterprise validation process.
“Once this process is complete, along with a thorough security check, some of our processes will be made available in phases,” said Kathleen Makela, a company spokeswoman.
ON PROFILE
“At this time, Harvard Pilgrim is not aware of any misuse of protected personal and health information as a result of this incident, but has nonetheless begun to notify potentially affected to provide more information and resources to them.”
Andrea Fox is the senior editor of Healthcare IT News.
Email: [email protected]
Healthcare IT News is a publication of HIMSS Media.
