article featured image


HPHC has revealed that in April 2023, a ransomware attack impacted 2,550,922 people and stole their sensitive data. This information was shared by the Massachusetts-based non-profit health services provider with the US Department of Health and Human Services breach portal.

The company announced last week that it discovered a breach on April 17, 2023, and that ransomware actors had access to its systems from March 28.

After consulting with outside cybersecurity experts, HPHC’s investigation concluded that sensitive data had been stolen from the company’s network.

Unfortunately, the investigation identified signs that data was copied and taken from our Harvard Pilgrim systems from March 28, 2023, to April 17, 2023. (…) We are continuing our active investigation and conducting extensive system reviews and analysis before we can resume our normal business operations.


The security breach has caused a significant impact on the coverage of Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride systems.

What Type of Data Was Stolen?

The stolen files contain the following types of information:

  • Full names
  • Physical addresses
  • Phone numbers
  • Dates of birth
  • Health insurance account information
  • Social Security numbers
  • Provider taxpayer-identification numbers
  • Clinical information, including medical history, diagnoses, treatment, dates of service, and provider names.

The exposed data is highly sensitive and has the potential to render affected parties vulnerable to phishing or social engineering exploits. So far, the company had not detected any cases of stolen data misuse, as per Bleeping Computer.

Who Was Affected?

As per the organization’s clarification, the security breach has affected both past and present Harvard Pilgrim members, whose registration date started on March 28, 2012.

It is highly recommended that current and former members of HPHC be cautious when receiving unsolicited messages and remain vigilant for an extended period of time. As an additional measure, HPHC offers credit monitoring and identity theft protection services to those who may be at risk as a result of this security breach.

As of this time, no ransomware group has publicly claimed responsibility for the attack on the company.

HPCH’s notice of the data security incident is available here.

On March 14, another U.S. healthcare organization, Independent Living Systems, suffered a data breach that exposed the information of 4.2 million patients.

If you want to learn more about: how ransomware spreads, how to mitigate and how to prevent ransomware attacks, check out the linked articles.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

Do you work for an NHS Trust? Heimdal is giving you free ransomware licenses to combat growing cyber attacks.

Get your free ransomware protection here.

Author Profile

Madalina Popovici

Digital PR Specialist

linkedin icon

Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.

Leave a Reply

Your email address will not be published. Required fields are marked *