Point32Health Warns Members of Ransomware Attack Affecting Customer Service Systems

Parent company of Harvard Pilgrim Health Care and Tufts Health Plan identifies cybersecurity incident; some systems taken offline to contain the threat

Point32Health, the corporate parent of Harvard Pilgrim Health Care and Tufts Health Plan, announced on Wednesday that a cybersecurity ransomware incident is affecting systems used for servicing customers, accounts, brokers, and providers. The company identified the attack on Monday and proactively took some systems offline to contain the threat.

According to Point32Health, “Point32Health identified a cybersecurity ransomware incident that impacted systems we use to service members, accounts, brokers, and providers. At this time, most systems impacted are on the Harvard Pilgrim Health Care side of our business. After detecting the unauthorized party, and out of an abundance of caution, we proactively took certain systems offline to contain the threat. We have notified law enforcement and regulators, and are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation.”

The issue affects members covered under Harvard Pilgrim Health Care’s commercial plans and New Hampshire Medicare plans but does not impact Tufts Health Plan products, according to Point32Health.

In a statement, the company said, “Our top priority is to ensure our members continue to have access to care. While we work diligently to restore the impacted systems as quickly and as safely as possible, our team is working around the clock to provide workarounds for members to receive the services they need.”

Point32Health has notified law enforcement and regulators, and is working with third-party cybersecurity experts to conduct a thorough investigation of the incident.