Harvard Pilgrim Health Care suffered a significant data breach due to external hacking between March 28, 2023, and April 17, 2023, compromising the personal and financial information of 2,632,275 individuals, including 993 Maine residents. The exposed data may include names, Social Security numbers, and financial account details, heightening the risk of identity theft and financial fraud. In response, the company offered two years of identity theft protection services via IDX to affected individuals. The breach was reported to the Maine Office of the Attorney General on February 15, 2024, underscoring the severity of the incident and its potential long-term consequences for customers, including fraud, financial loss, and reputational harm to the organization.
TPRM report: https://www.rankiteo.com/company/harvard-pilgrim-health-care
"id": "har504091625",
"linkid": "harvard-pilgrim-health-care",
"type": "Breach",
"date": "3/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'customers_affected': '2,632,275',
'industry': 'Healthcare',
'location': 'United States (including 993 Maine '
'residents)',
'name': 'Harvard Pilgrim Health Care',
'type': 'Healthcare Provider / Insurance'}],
'attack_vector': 'External Hacking',
'customer_advisories': 'Identity theft protection services offered for two '
'years via IDX',
'data_breach': {'data_exfiltration': 'Likely (data compromised in breach)',
'number_of_records_exposed': '2,632,275',
'personally_identifiable_information': ['names',
'Social Security '
'numbers'],
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['Personally Identifiable '
'Information (PII)',
'Financial Account Information']},
'date_publicly_disclosed': '2024-02-15',
'description': 'The Maine Office of the Attorney General reported that '
'Harvard Pilgrim Health Care experienced a data breach '
'involving external hacking from March 28, 2023, to April 17, '
'2023, affecting approximately 2,632,275 individuals, '
'including 993 Maine residents. The compromised data may '
'include names, Social Security numbers, and financial account '
'information. Identity theft protection services were offered '
'for two years through IDX.',
'impact': {'data_compromised': ['names',
'Social Security numbers',
'financial account information'],
'identity_theft_risk': 'High (PII and financial data exposed)',
'payment_information_risk': 'High (financial account information '
'exposed)'},
'references': [{'date_accessed': '2024-02-15',
'source': 'Maine Office of the Attorney General'}],
'regulatory_compliance': {'regulatory_notifications': 'Maine Office of the '
'Attorney General (and '
'potentially others, '
'given multi-state '
'impact)'},
'response': {'recovery_measures': 'Offered two years of identity theft '
'protection services via IDX',
'third_party_assistance': 'IDX (for identity theft protection '
'services)'},
'title': 'Harvard Pilgrim Health Care Data Breach (2023)',
'type': 'Data Breach'}