Point32Health Says Its Harvard Pilgrim Health Care’s IT Systems Remain Offline
A health insurer to 2.2 million New Englanders is struggling to recover after it identified a ransomware attack 10 days ago that forced it to take many of its IT systems and functions offline.
Point32Health, Massachusetts’ second-largest health insurer and parent company of nearly a dozen companies, discovered its ransomware attack on April 17. The incident affected Harvard Pilgrim Health Care’s commercial and New Hampshire Medicare Advantage Stride plans.
The Point23Health incident so far appears to have not prevented patients from receiving healthcare services. The attack nonetheless shows the potential for that to happen, said Brett Callow, a threat analyst at security firm Emsisoft.
“To ensure people receive the care they need when they need it, we need to bolster security not only in hospitals, but also across the whole healthcare ecosystem,” he told Information Security Media Group.
“We recognize the significant impact this is having on our members, providers, customers and vendors,” Point32Health said in the statement. “We continue to do everything we can to assist and support them until our systems are back online.”
After detecting the incident on April 17, Point32Health says it took its Harvard Pilgrim Health Care systems offline to contain the threat.
In the interim, it has set up a customer service phone line for affected Harvard Pilgrim Health Care members who have urgent medical needs, waived prior authorization requirements for most medical services for affected members, and restored limited versions of its public-facing websites, as well as portals used by brokers and healthcare providers.
Point32Health did not disclose what type of ransomware the hackers used or whether it paid a ransom.
So far this year, 21 health plans have reported major health data breaches to federal regulators, affecting nearly 713,000 individuals. Most of the breaches have been disclosed to regulators as hacking incidents.