[ad_1]
Point32Health, the parent organization of Harvard Pilgrim Health Care and other insurance plans, announced that data was copied and taken from the healthcare payer’s systems during a cyber breach that occurred between March 28 and April 17.
why it matters
HPHC, which has members in Massachusetts, New Hampshire, Maine and Connecticut, determined that the copied files contained personally identifiable information and/or protected health information relating to current and former clients and dependents, as well as contracted providers There may be information.
According to an announcement this week, the stolen data included names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers and clinical information.
HPHC noted in the statement that PHI may include medical history, diagnoses, treatments, dates of service and provider names.
The health insurer said it has contracted with Beaverton, Oregon-based IDX, a breach response company, to make field calls to concerned HPHC members and former members to determine whether their data may have been affected and then two Nominate individuals affected for years identity theft. Up to $1 million in surveillance and theft recovery.
A day after confirming the patient data was stolen, HPHC also posted a systems update on its website about the security update.
HPHC says it is implementing endpoint protection to improve cyber threat response, enhance vulnerability scanning, and identify and prioritize IT security improvements.
big trend
After first discovering the unauthorized access, Point32Health said it quickly took HPHC systems offline to contain the ransomware threat, but some damage was already done.
Initially, disruptions in care were being reported because providers and pharmacies may be concerned about the member’s covered services and medications and the insurer state employee was in the middle of open enrollment.
HPHC waived prior authorization requirements with some exceptions such as solid organ transplants, and its website provided frequently asked questions that impact operations including electronic payments.
The insurer said it was working with OptumRx on approving prescriptions for new member enrollments that were in process when the system went down.
HPHC filed with the state of Maine that 75,534 of its residents who had health coverage through December 2022 were affected by the breach.
As far as service interruption is concerned, HPHC informed Portland Press Herald May 24 by email that it is still working to restore its system.
The company is still undergoing internal IT and business verification, according to the story.
“Once this process is complete, some of our processes will be available in a phased manner, with our thorough security checks,” said company spokeswoman Kathleen Makela.
On the record
“At this point, Harvard Pilgrim is not aware of any misuse of personal information and protected health information as a result of this incident, but is nonetheless beginning to notify potentially affected individuals to provide them with more information and resources.” Is done.”
Andrea Fox is a senior editor for Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.










