Harvard Pilgrim Health Care Provides Notice of Data Security Incident

Harvard Pilgrim Health Care (“Harvard Pilgrim”) is providing notice of a data security incident that may affect the privacy of certain individuals’ protected health information and/or personal information.

On April 17, 2023, Harvard Pilgrim discovered a cybersecurity ransomware incident that impacted systems that support Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride℠ plans (HMO)/(HMO-POS). We are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation.

We take the privacy and security of the data entrusted to us seriously. We are continuing our active investigation and conducting extensive system reviews and analysis before we can resume our normal business operations. Unfortunately, the investigation identified signs that data was copied and taken from our Harvard Pilgrim systems from March 28, 2023, to April 17, 2023. We want to assure you that we are taking this incident extremely seriously, and we deeply regret any inconvenience this incident may cause.

We determined that the files at issue may contain the following types of personal information and/or protected health information: names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information (e.g., medical history, diagnoses, treatment, dates of service, and provider names). We are not aware of any misuse of personal information or protected health information as a result of this incident.

Harvard Pilgrim has established a dedicated call center for individuals to contact with questions or concerns and for potentially impacted individuals to enroll in complimentary credit monitoring and identity theft protection services. If you have any questions regarding this incident, please contact the dedicated assistance line at IDX, which can be reached at 888-220-5517 (toll free), Monday through Friday from 9:00 AM to 9:00 PM ET, excluding U.S. holidays. If members have any questions about other issues unrelated to this ransomware incident or are being denied care, please call the number on the back of your Harvard Pilgrim member ID card for assistance. If providers have questions, please contact the Provider Service Center by email at provider_callcenter@point32health.org.

Harvard Pilgrim continues to take steps to implement additional data security enhancements and safeguards to better protect against similar events in the future. We remain committed to safeguarding the privacy and security of information we collect in providing services to our members.

Frequently asked questions

For additional frequently asked questions, please read the Point32Health system update.