Point32Health Insurer Suffers Massive Data Breach Impacting 2.8 Million Individuals

In April 2023, Point32Health, the prominent health insurer based in Massachusetts, encountered a severe data breach, affecting a staggering 2.8 million individuals. This breach, attributed to a ransomware attack, targeted systems affiliated with Point32Health's Harvard Pilgrim Health Care brand, which includes platforms supporting Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride plans, as well as those serving members, accounts, brokers, and providers.

Upon discovery on April 17, the investigation revealed unauthorized access to data between March 28 and April 17 of the same year. Consequently, the compromised information encompasses a wide array of personal details such as names, addresses, birth dates, phone numbers, Social Security numbers, health insurance account specifics, financial account data, medical histories, diagnoses, and treatment records.

Despite the breach, Point32Health reassured impacted individuals that no evidence of misuse had been detected thus far. Nonetheless, the company initiated a notification process in May 2023 and notified the US Department of Health and Human Services about the potential scope of the breach, indicating over 2.55 million individuals might have been affected.

Recently, Point32Health updated the affected count to over 2.86 million individuals in a revised data breach notice filed with the Maine Attorney General's Office. In response to the breach, the company is offering complimentary credit monitoring and identity protection services to affected individuals.

Point32Health, resulting from the 2021 merger between Harvard Pilgrim and Tufts Health Plan, holds the position of the second-largest insurer in Massachusetts, catering to clients not only in Massachusetts but also in Connecticut, Maine, and New Hampshire.