Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems.
The Massachusetts-based non-profit health services provider shared this information—which corresponds to roughly all its members—to the U.S. Department of Health and Human Services breach portal.
Last week, the organization published a notice informing that ransomware actors maintained access to its systems between March 28 and April 17, 2023, when the breach was discovered.
A subsequent investigation conducted with the help of third-party cybersecurity experts revealed that the cybercriminals exfiltrated sensitive data from HPHC’s network.
“Unfortunately, the investigation identified signs that data was copied and taken from our Harvard Pilgrim systems from March 28, 2023, to April 17, 2023,” reads the notice.
“We are continuing our active investigation and conducting extensive system reviews and analysis before we can resume our normal business operations.”
As a result of the attack, coverage under Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride systems is impacted.
The stolen files include the following types of sensitive information:
- Full names
- Physical addresses
- Phone numbers
- Dates of birth
- Health insurance account information
- Social Security numbers
- Provider taxpayer identification numbers
- Clinical information, including medical history, diagnoses, treatment, dates of service, and provider names
The organization has clarified that the incident impacts current and former members of Harvard Pilgrim, who had a registration date starting on March 28, 2012.
The above information is very sensitive and could expose affected individuals to phishing or social engineering attacks. HPHC states that it has not detected any cases of stolen data misuse.
HPHC also provides credit monitoring and identity theft protection services to safeguard individuals impacted by this security incident.
It’s important to note that ransomware gangs often exploit stolen data to pressure victims into complying with ransom demands. If victims refuse to pay, attackers may also sell the data to other cybercriminals or release it publicly.
No ransomware group has claimed responsibility for the attack on HPHC, according to the information available at this time.
For current or former members of HPHC, exercising caution when receiving unsolicited messages and maintaining vigilance over an extended period is strongly advised.
- mohdrafeea – 3 days ago
Recently, I have observed many Ransomware attacks targeting Health sector. What’s the reasons of that? I cant understand the motive.
- Mahhn – 14 hours ago
All your data is with healthcare companies, they use and sell it to commit fraud, and make others lives worse. Evil people wanting to make others suffer, just because they can. There are lots of bad people in the world, most good people can’t understand, because they aren’t evil.
- DyingCrow – 3 days ago
Health care might not be hardening as much, making them easier targets. Specially non profits, they just have the budget for the very basics.
Health care databases have a high change to contain valuable info such as SSN, along with other personal info such as phone #, email address and medical history, which can be used for targeted health care related scams.
Version: 4.5.29 5M+ Downloads
McAfee Consumer Products Removal tool
Version: NA 432,545 Downloads
Version: 188.8.131.52 56M+ Downloads
Windows Repair (All In One)
Version: 4.13.1 2M+ Downloads
Everything Desktop Search
Version: 184.108.40.2067 23,036 Downloads