Harvard Pilgrim Health Care (HPHC) was hit by a ransomware attack

Harvard Pilgrim Health Care (HPHC) is one of the largest health services providers in the United States, serving more than 2.5 million members in four states. However, the organization recently became the victim of a ransomware attack that compromised its systems and exposed its members’ and providers’ sensitive data.

Read: Gravity Forms Plugin Exposes WordPress Sites to Hackers

According to a notice published by HPHC on May 23, 2023, the cyberattack was detected on April 17, 2023, and affected the systems used to connect to members, accounts, brokers, and providers. The investigation revealed that the attackers had access to HPHC’s network from March 28 to April 17, 2023, and copied and took data from its systems.

The data that was stolen included personal information such as names, addresses, phone numbers, dates of birth, health insurance account information, and Social Security numbers. It also included clinical information such as medical history, diagnoses, treatment, dates of service, and provider names. The breach impacted current and former members of HPHC who had a registration date starting on March 28, 2012.

HPHC stated that it had not found any evidence of misuse of the stolen data so far, but it is offering credit monitoring and identity theft protection services to the affected individuals. It also advised them to be cautious of any unsolicited messages or calls that may attempt to exploit their information.

The ransomware group behind the attack has not been identified yet, but cybersecurity experts warn that they may use the data to pressure HPHC into paying a ransom or selling it to other criminals, or publishing it online. Ransomware attacks have become more frequent and sophisticated in recent years, targeting various sectors such as healthcare, education, and government.

HPHC said that it is taking the incident very seriously and is working to restore its systems and implement additional security measures to prevent similar events in the future. It also apologized for any inconvenience or concern caused by the breach and thanked its members and providers for their patience and understanding.

Keep in touch with our blog to read the latest news and innovations in the cybersecurity world.