Harvard Pilgrim Health Care Ransomware Incident Update 5.24.2023

Posted 05.24.23

On April 17, 2023, Point32Health, the parent organization of Harvard Pilgrim Health Care (“Harvard Pilgrim”) and Tufts Health Plan, identified a cybersecurity ransomware incident that impacted systems that support Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride℠ plans (HMO)/(HMO-POS).

This is an update on the investigation and identification of potential impact to member data.

Harvard Pilgrim is working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation. While working diligently to restore affected systems as quickly and as safely as possible, the team is working around the clock to ensure Harvard Pilgrim members receive the health care services they need.

The investigation identified signs that data was copied and taken from the Harvard Pilgrim systems between March 28, 2023, and April 17, 2023.

Harvard Pilgrim determined that the files at issue may contain personal information and/or protected health information for current and former subscribers and dependents, and current contracted providers. Harvard Pilgrim is not aware of any misuse of personal information or protected health information because of this incident. They are beginning to notify potentially affected individuals about this event and provide them with resources and guidance on protecting against identity theft and fraud, should they feel the need to do so. These updates are being posted to the Harvard Pilgrim website.

In addition, Harvard Pilgrim is providing potentially affected Harvard Pilgrim health plan members with complimentary access to two years of credit monitoring and identity theft protection services. A dedicated call center has also been established to assist members with questions and enrollment into these credit monitoring services.

Harvard Pilgrim is continuing active investigations and conducting extensive system reviews and analysis before they can resume normal business operations. In an effort to prevent a similar type of incident from occurring in the future, Point32Health: (i) enhanced its security tools used to scan its networks for malware; (ii) is reviewing and enhancing user access protocols; (iii) is enhancing vulnerability scanning and prioritizing security improvements; (iv) is implementing a new sustainable Endpoint Detection and Response (EDR) security solution to detect and respond to cyber threats; (v) is conducting password resets for administrative accounts; and (vi) is rebuilding or restoring its systems.

For additional information, please go to for answers to Frequently Asked Questions regarding the incident.
