Harvard Pilgrim Health Care Increases Ransomware Victim Count to 2.86 Million
In February, Harvard Pilgrim Health Care revised the total number of individuals affected by an April 2023 ransomware attack, increasing the total by more than 81,000 to 2,632,275 individuals. That total was increased for the fourth time on March 27, 2024, as the ongoing investigation identified more data that was compromised in the attack. Now, at least 2,860,795 individuals are known to have been affected.
The ransomware attack was discovered on April 17, 2023, with the forensic investigation determining there had been unauthorized access to its network between March 28, 2023, and April 17, 2023. The additional 228,520 affected individuals have now been notified by mail and the notification letters state the exact types of data that were likely compromised in the attack. Harvard Pilgrim Health Care said it is offering complimentary credit monitoring and identity protection services through IDX.
It is not unusual for data breach investigations to uncover additional compromised data. Further data identified as having been accessed in the attack included the information of patients of Brigham and Women’s Physician Organization (BWPO). BWPO is not part of Harvard Pilgrim, but an employee of Harvard Pilgrim Health Care Institute also worked at BWPO part-time. The employee had backed up the contents of their laptop to Harvard Pilgrim’s servers, and the backup file included BWPO data. BWPO learned of the data exposure in January 2024.
BWPO said the backup file included data from January 1, 2017, to May 1, 2019, including names, addresses, phone numbers, dates of birth, medical record numbers, health insurance numbers, and limited clinical information, such as lab results, procedures, medications, and diagnoses related to care provided at BWPO. A BWPO spokesperson said appropriate steps have been taken to address the breach and prevent similar incidents from occurring in the future.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy