
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Harvard Pilgrim Health Care Ransomware Victim Count Rises to 2.6 Million

Harvard Pilgrim Health Care has confirmed that the information of 2,632,275 individuals was compromised in an April 2023 ransomware attack, increasing the previous total by 81,353. In updated notices submitted to the Attorneys General in California and Maine this month, Harvard Pilgrim Health Care explained that the attack was detected on April 17, 2023, and action was immediately taken to contain the threat and prevent further unauthorized access to its systems. Law enforcement and regulators were notified, and third-party cybersecurity experts were engaged to assist with its investigation and remediation efforts.

Harvard Pilgrim Health Care said the cybercriminal group behind the attack exfiltrated data from its systems between March 28, 2023, and April 17, 2023. The systems accessed by the attackers were used to service members, accounts, brokers, and providers, and contained names, Social Security numbers, and financial information. Harvard Pilgrim Health Care started notifying the affected individuals on May 23, 2023, and disclosed the breach to media organizations serving all 50 states. On June 15, individual HIPAA notification letters started to be mailed to the affected individuals. As the investigation progressed, it became clear that other individuals had been affected. Harvard Pilgrim Health Care has offered complimentary credit monitoring and identity theft protection services to the affected individuals and has implemented additional cybersecurity safeguards to prevent similar breaches in the future.

UPDATE: On March 27, 2024, Harvard Pilgrim Health Care mailed a further 228,520 notification letters. At least 2,860,795 individuals are now known to have had their data compromised in the attack.

Coleman Professional Services Inc. Reports Breach of Employee Email Accounts

Coleman Professional Services, Inc., an Ohio-based provider of behavioral health services, has reported a breach of its email environment. On December 14, 2023, Coleman learned that an unauthorized third party had gained access to several employee email accounts. The forensic investigation confirmed the accounts were accessed by an unauthorized third party between September 18, 2023, and October 31, 2023.

The forensic investigation could not confirm whether any patient data was viewed or acquired, but the review of the affected accounts confirmed that they contained the protected health information of 51,889 individuals. The types of information exposed varied from individual to individual and may have included first and last names, dates of birth, Social Security numbers, driver’s license numbers, financial information, and, in some cases, health information. Identity theft protection services have been offered to the affected individuals. Coleman has also taken additional steps to prevent unauthorized individuals from accessing its employee email accounts.

North Hill Communities Report Cyberattack and Data Breach

North Hill, including North Hill Communities, Inc., North Hill Home Health Care, Inc., North Hill Needham, Inc., Connected for Life, Inc., and the North Hill Employee Dental Plan, has confirmed that the personal and protected health information of up to 4,798 individuals was potentially compromised in a December 2023 cyberattack.

The attack was detected on December 26, 2023, and the forensic investigation confirmed that its network had been compromised by an unauthorized third party on December 19, 2023. North Hill said it was not possible to determine whether personal or protected health information was accessed or acquired but did determine that the compromised parts of its network contained sensitive data. The exposed data included names in combination with one or more of the following: date of birth, date of death (if applicable), address, Social Security number, phone number, admission date, health insurance information, medical record number, treatment dates, financial account/bank account number, driver’s license number, claims information, and medical information.

North Hill started notifying the affected individuals on February 14, 2023, and is covering the cost of Single Bureau Credit Monitoring/Single Bureau Credit. Additional security detection and monitoring solutions are being implemented to help prevent similar occurrences in the future.

Advarra Inc. Reports Email Account Breach

Advarra Inc., a provider of integrated research compliance solutions, has reported a breach of the personal and protected health information of 4,656 individuals. On October 26, 2023, Advarra identified suspicious activity in an employee email account. The investigation confirmed that a single account was breached on October 25, 2023, and company and personal information in the account was acquired by an unauthorized third party. That information included names and Social Security numbers. Advarra is unaware of any actual or attempted misuse of data but has offered the affected individuals complimentary credit monitoring and identity theft protection services as a precaution.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
