Harvard Pilgrim says customers' information compromised in cyber attack
BOSTON - Personal information was stolen in a massive health insurance hack. Point32Health, the parent organization of Harvard Pilgrim Health Care, said the cyber attack started in March.
Psychologist Bryan Harnsberger of Wellesley is among the providers who missed two weeks of payments from Harvard Pilgrim due to the ransomware attack and received very little communication about why.
"For the most part a lot of people are flying blind. It's felt like the Wild West out here," Harnsberger said.
Now, Point32Health, admits that patient and provider data was exposed.
"This is a pretty significant ransomware attack," said cybersecurity expert Peter Tran.
The company says information was taken from Harvard Pilgrim systems from March 28 to April 3, including names, addresses, Social Security numbers, taxpayer ID numbers, and medical information and history.
"You can use it to impersonate identity, to open loans to basically take over your entire financial life," Tran said.
In a statement, the company said, "Harvard Pilgrim is taking this incident extremely seriously and... is taking steps to implement additional data security enhancements and safeguards to better protect against similar events in the future."
Patients and providers are frustrated by a lack of transparency.
"It's discouraging, to say the least. It is also really, really, difficult. The fact that we have been learning about these things and press release and press release and press release, that is incredibly hard to find," Harnsberger said.
But the company and experts say it's not clear if data was just accessed or misused.
"That's the nature of ransomware. They hold it hostage until you either pay or they negotiate some other term," Tran said. "The sky is not falling, but time will tell exactly how they will recover from this."
There are things you can do to protect yourself if you're worried about privacy. Harvard Pilgrim is offering identity protection and credit monitoring services to any affected customers. You can also file a fraud alert at all three credit reporting agencies and a report with the Federal Trade Commission.
A call center has been set up for questions regarding the data breach. Customers can call (888) 220-5517 from 9 a.m.-9 p.m. Monday-Friday. Information is also posted on Harvard Pilgrim's website.