Finance & Banking , Fraud Management & Cybercrime , Industry Specific

New England Health Plan Still Recovering From Attack

Point32Health Says Its Harvard Pilgrim Health Care's IT Systems Remain Offline
New England Health Plan Still Recovering From Attack
Point32Health says its Harvard Pilgrim Health Care IT systems are still offline following a ransomware incident detected on April 17. (Image: Point32Health)

A health insurer to 2.2 million New Englanders is struggling to recover after it identified a ransomware attack 10 days ago that forced it to take many of its IT systems and functions offline.

See Also: NHS Ransomware Attack: Healthcare Industry Infrastructures Are Critical

Point32Health, Massachusetts' second-largest health insurer and parent company of nearly a dozen companies, discovered its ransomware attack on April 17. The incident affected Harvard Pilgrim Health Care’s commercial and New Hampshire Medicare Advantage Stride plans.

The Point23Health incident so far appears to have not prevented patients from receiving healthcare services. The attack nonetheless shows the potential for that to happen, said Brett Callow, a threat analyst at security firm Emsisoft.

"To ensure people receive the care they need when they need it, we need to bolster security not only in hospitals, but also across the whole healthcare ecosystem," he told Information Security Media Group.

"We recognize the significant impact this is having on our members, providers, customers and vendors," Point32Health said in the statement. "We continue to do everything we can to assist and support them until our systems are back online."

After detecting the incident on April 17, Point32Health says it took its Harvard Pilgrim Health Care systems offline to contain the threat.

In the interim, it has set up a customer service phone line for affected Harvard Pilgrim Health Care members who have urgent medical needs, waived prior authorization requirements for most medical services for affected members, and restored limited versions of its public-facing websites, as well as portals used by brokers and healthcare providers.

Point32Health did not disclose what type of ransomware the hackers used or whether it paid a ransom.

So far this year, 21 health plans have reported major health data breaches to federal regulators, affecting nearly 713,000 individuals. Most of the breaches have been disclosed to regulators as hacking incidents.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.