Major Massachusetts Health Insurer Suffers Ransomware Attack
Point32 Health, the second-largest health insurer in the state of Massachusetts, has announced it has experienced a ransomware attack that has resulted in system outages, including systems that are used to service its members, accounts, brokers, and providers.
Point32 Health is the parent company of Tufts Health Plan and Harvard Pilgrim Health Care and serves more than 2 million individuals in New England. Point32 Health said the outages have mainly affected Harvard Pilgrim Health Care customers, in particular, those with commercial or New Hampshire Medicare plans. Tufts Health Plan members are not understood to have been affected.
Point32 Health said it detected the presence of a malicious actor within its network on April 17, 2023, and took immediate action to contain the threat, which involved taking multiple systems offline while the attack was investigated and remediated. Efforts are underway to restore systems as soon as possible, and the staff and third-party cybersecurity experts are working around the close to bring systems back online.
The attack has caused disruption to providers and members, with some reportedly having experienced problems getting prior authorizations for medical procedures. Point32 Health said any members that require urgent assistance should call the member services number on their ID cards.
No ransomware gang appears to have claimed responsibility for the attack at this stage; however, ransomware gangs typically provide victims with a few days to pay the ransom before issuing public announcements. If the ransom is not paid, pressure is increased by publishing the stolen data.
At this stage of the investigation, it is unclear to what extent, if any, plan member data is involved. Point32 Health said that if the investigation confirmed that if personal or protected health information has been exposed or stolen, individual notifications will be mailed to those individuals as soon as possible.
The post Major Massachusetts Health Insurer Suffers Ransomware Attack appeared first on HIPAA Journal.
U.S. Data Privacy Protection Laws: A Comprehensive Guide – Forbes
BreachLock Releases SET “See External Threats” for External Attack Surface Management – Yahoo Finance
Former TMS CEO joins Beyond Marketing as Medical and Education … – Digital Journal
OCR Issues Proposed Rule to Modify HIPAA Privacy Rule to Include … – Lexology
Weaponizing HIPAA Privacy – Treasury & Risk
Weaponizing HIPAA Privacy Treasury & Risk