Massachusetts medical data breach involving Harvard Pilgrim Healthcare confirmed


Point32Health, the parent organization of Harvard Pilgrim Health Care and other insurance plans, said data was copied from health care payer systems during cyber breaches that occurred between March 28 and April 17. , announced that it was taken out.

why it matters

HPHC with membership in Massachusetts, New Hampshire, Maine, and Connecticut understand that the copied files may include current and former subscribers and dependents, as well as personally identifiable and/or protected information belonging to contracted providers. It was determined that there is a possibility that the medical information contained in the

The stolen data includes names, addresses, phone numbers, dates of birth, health insurance account information, social security numbers, health care provider tax ID numbers, and clinical information, according to an announcement this week.

In a statement, HPHC noted that PHI may include medical history, diagnosis, treatment, dates of service and name of provider.

The health insurance company contracted with IDX, a Beaverton, Oregon-based breach response firm, to confirm whether data may have been impacted through calls from involved HPHC members and former members, and to identify any impacts. It has announced that it will enroll individuals who have been subjected to identity theft for two years. Get surveillance and up to $1 million in theft coverage.

A day after confirming that patient data had been compromised, HPHC posted a system update on its website regarding the security update.

HPHC said it is implementing endpoint security, enhancing vulnerability scanning, and identifying and prioritizing IT security improvements to better respond to cyber threats.

the bigger trend

Point32Health said it took HPHC systems offline quickly to contain the ransomware threat after it first discovered the unauthorized access, but had already done some damage.

Disruptions to care were initially reported as health care providers and pharmacies may be concerned about the services and medications covered by their members, and insurance companies were in the midst of recruiting state officials.

HPHC waived the pre-approval requirement with some exceptions, such as solid organ transplants, and had a FAQ on its website describing the implications for operations, including electronic payments.

The insurer said it was working with OptumRx to approve prescriptions for new member registrations that were in process at the time of the system outage.

HPHC filed with Maine that as of December 2022, 75,534 residents with health insurance were affected by the breach.

Regarding the service interruption, HPHC said: Portland Press Herald On May 24th, I sent an email stating that I was still working to restore the system.

According to the article, the company is still conducting internal IT and business validations.

“Once this process is complete, we will be gradually making parts of our process available in parallel with a thorough security review,” said company spokeswoman Kathleen McKellan.

on record

“While Harvard Pilgrim is not aware at this time that personal or protected medical information has been misused as a result of this incident, it is nonetheless committed to providing more information to potentially affected individuals. We are initiating a notice to provide information and resources.”

Andrea Fox is senior editor for Healthcare IT News.
Email: afox@himss.org

Healthcare IT News is a HIMSS Media publication.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *