Anyone who received notice from Harvard Pilgrim Health Care that their information may have been exposed in a data breach.
What’s Going On?
Harvard Pilgrim announced that the personal and health information of more than 2.5 million individuals was exposed for weeks during a ransomware attack, and attorneys are investigating whether a class action lawsuit can be filed on behalf of victims.
How Could a Lawsuit Help?
A class action lawsuit could help compensate people whose information was affected and potentially force the health services provider to strengthen its data security.
Attorneys working with ClassAction.org want to hear from anyone who received a data breach notice from Harvard Pilgrim Health Care.
On May 24, the New England-based health services provider reported that personal and medical information belonging to 2,550,922 people was exposed during a ransomware attack from March 28 to April 17, 2023.
Attorneys are looking into whether Harvard Pilgrim had adequate data security procedures in place and whether a class action lawsuit can be filed on behalf of people whose information was exposed. A lawsuit could potentially help compensate data breach victims for any harm they experienced as a result of the breach.
Harvard Pilgrim Data Breach: What Happened?
Harvard Pilgrim, which provides health benefit plans, programs and services to more than 3 million customers, notified the U.S. Department of Health and Human Services in late May that it had been the target of a ransomware attack during which more than 2.5 million individuals’ personal and health information was compromised.
Ransomware attacks typically involve criminals encrypting information on a computer network and demanding that the victim pay a ransom in exchange for the decryption key. Some hackers will also threaten to publish or sell the stolen data unless the victim pays the ransom. According to reports, Harvard Pilgrim has not revealed whether it paid a ransom.
According to a data breach notice posted on the company’s website, the security incident affected current and former Harvard Pilgrim members (including subscribers and dependents of health plans purchased directly from the company, through state-based exchanges or selected by an employer) who enrolled between March 28, 2012 and April 17, 2023. Current and former members of Health Plans Inc. between June 1, 2020 and April 17, 2023 and providers who are currently contracted with the company may have also been affected.
Per the data breach notice, the ransomware attack affected systems that support the Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride plans. Harvard Pilgrim stated that a subsequent investigation uncovered “signs that data was copied and taken” from its systems.
The following consumer information may have been exposed during the data breach:
Dates of birth
Health insurance account information
Social Security numbers
Provider taxpayer ID numbers
Clinical information, such as medical history, diagnoses, treatment, dates of service and provider names
Harvard Pilgrim says it began mailing data breach notices to affected individuals around June 15, 2023.
How a Class Action Lawsuit Could Help
If filed and successful, a class action lawsuit could help compensate data breach victims for any harm they experienced as a result of the breach, including by providing money for:
Loss of privacy
Lost time spent responding to the breach
Out-of-pocket expenses, such as the cost of credit reports
Additional credit monitoring and identity protection services
A lawsuit could also potentially force Harvard Pilgrim to implement stronger data security practices and procedures to ensure that its systems are protected from future attacks.