Teiss reports:
Harvard Pilgrim Health Care and its parent company, Point32Health, have reached a $16 million settlement to resolve claims arising from a 2023 ransomware attack that compromised the sensitive data of nearly three million individuals. The agreement follows multiple class action lawsuits that were consolidated into a single case in the U.S. District Court for the District of Massachusetts.
The cyberattack, which took place between March 28 and April 17, 2023, resulted in unauthorized access to systems containing the protected health information of 2,967,396 health plan members. Hackers deployed ransomware to encrypt files after exfiltrating a significant volume of data, including names, contact information, dates of birth, medical histories, diagnosis and treatment details, Social Security numbers, and other personally identifiable information. Harvard Pilgrim Health Care began issuing notification letters to affected individuals on a rolling basis starting on May 24, 2023, continuing through June 2024 as additional individuals were identified as victims of the breach.
Read more at Teiss.
