Harvard Pilgrim Health Care suffers cybersecurity breach

An investigation is ongoing, though the company said it is not aware of any information taken from the breach being used.

Harvard Pilgrim Health Care suffered a cybersecurity breach between March 28 and April 17 that affected members, accounts, brokers, and providers, the company announced Tuesday.

As a result, the parent company, Point32Health, has launched an investigation into the incident, which affected Harvard Pilgrim Health Care commercial and Medicare Advantage Stride users.

Files taken may include personal information — including phone numbers and social security numbers — and protected health information for both current and former contracted providers, dependents, and subscribers, the company said. They said they were working to notify those who may have been affected.

“We take the privacy and security of the data entrusted to us seriously,” the company said.


None of the information taken has been used to the company’s knowledge, they said, and they will be providing all those affected with two years of free credit monitoring and identity theft protection services.

As an added safety measure, the company recommended that people monitor their personal bank accounts.

“Our primary focus during recovery is to make sure members and our customers receive the care and services they need as quickly and as safely as possible,” the company said.

In the meantime, the company said it too is taking measures to keep data safe, targeting the areas of “eligibility and enrollment; continuity of care, utilization management, and prior authorizations; provider payments; claims processing for medical and behavioral health; sales and renewals; and the remainder of business functions.”

They have also already taken steps, such as enhancing user access protocols and making security improvements.

The investigation into the breach is ongoing.


This discussion has ended. Please join elsewhere on