Health insurer Point32Health confirms data breach in a ransomware attack in April

Leading health insurer Point32Health, which suffered a large technical outage due to a ransomware attack in April, has notified current and former customers that data, including patient medical history and diagnoses, was stolen in the cyber incident.

Point32Health, the parent company for Harvard Pilgrim Health Care and Tufts Health Plan, said it discovered the incident on April 17 and launched an investigation with third-party cybersecurity experts soon after.

In a statement, the company revealed that the investigation identified signs that data files were copied and taken from Harvard Pilgrim systems between March 28 and April 17. The files may contain personal data and protected health information on current and former subscribers, dependents, and contracted providers.

This may include clinical information such as treatment dates, medical history, provider names, and diagnoses, as well as Social Security numbers, names, physical addresses, phone numbers, dates of birth, health insurance account information, provider taxpayer information, the company said.

However, Tufts Health Plan was not impacted by the incident. At this point, Harvard Pilgrim is unaware of any misuse of personal and protected health information due to this incident. However, the company has begun notifying potentially affected individuals to provide them with more information and resources, the company said.