Harvard Pilgrim Health Care is continuing to deal with the fallout from a cyberattack that has sparked a “significant impact” to members and providers, the local health care giant said Wednesday.
Point32Health, the parent organization of Harvard Pilgrim Health Care and Tufts Health Plan, on April 17 identified a cybersecurity ransomware incident that has affected Harvard Pilgrim Health Care systems.
Nine days later, the Canton-based company is still dealing with the aftermath of the cyberattack.
“The ransomware incident impacting Harvard Pilgrim Health Care systems, which we identified on April 17, remains an active incident,” Point32Health said in a statement. “Out of an abundance of caution, we proactively took access to nearly all of Harvard Pilgrim Health Care systems offline.”
“We recognize the significant impact this is having on our members, providers, customers and vendors,” added Point32Health. “We continue to do everything we can to assist and support them until our systems are back online.”
The parent organization of Harvard Pilgrim Health Care notified law enforcement and hired a third-party cybersecurity firm to investigate the root cause of the ransomware incident.
“Our top priority is to ensure our members continue to have access to care,” Point32Health said. “We are working diligently to restore the impacted systems as quickly and as safely as possible.”
Tufts Health Plan, Tufts Medicare Preferred and Tufts Health Public Plans systems were not affected.
The company has taken several steps in the wake of the cyberattack, including setting up a customer service phone line for impacted Harvard Pilgrim Health Care members who have urgent medical needs (800-260-0574).
“While we work diligently to restore affected systems as quickly and as safely as possible, our team is working around the clock to ensure Harvard Pilgrim Health Care members receive the services they need,” Point32Health said.
“We take the privacy and security of the data entrusted to us seriously,” the company added. “If during our investigation we determine any individuals’ sensitive information is involved in this incident, we will notify them according to applicable law.”