View All R&D Articles

Harvard Pilgrim Health Care Ransomware Attack Impacts 2.5 Million People

June 12, 2023

In a recent disclosure, Harvard Pilgrim Health Care (HPHC) revealed that an April 2023 ransomware attack compromised the sensitive data of 2,550,922 people.

HPHC is a non-profit health services provider based in Massachusetts. The organization reported that the attack occurred from March 28 to April 17, and that bad actors accessed sensitive data of patients and others.

Some of that data included personally identifiable information (PII), which necessitated a disclosure to the U.S. Department of Health and Human Services.

“On April 17, 2023, Harvard Pilgrim discovered a cybersecurity ransomware incident that impacted systems that support Harvard Pilgrim Health Care Commercial and Medicare Advantage Stride℠ plans (HMO)/(HMO-POS),” the notice reads.

“We are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation.”

According to the disclosure,, the compromised data may include:

  • Names and physical addresses
  • Phone numbers
  • Dates of birth
  • Health insurance account information
  • Social Security numbers
  • Provider taxpayer identification numbers
  • Clinical information, including medical histories, diagnoses, treatments, dates of service, and provider names.

While HPHC says that they are not aware of any misuse of PII, the organization has established a dedicated call center for impacted individuals. HPHC has also offered complimentary credit monitoring and identity theft protection services. 

The dedicated assistance line is 888-220-5517. Individuals can also contact the Provider Service Center via email at

Ransomware is a growing threat for healthcare providers.

Health care providers make excellent targets for bad actors for several reasons. In the United States (and in many other countries), healthcare privacy laws are strictly enforced — so when an attack occurs, the victims have a strong incentive to resolve the issue as quickly as possible.

Healthcare data also tends to include valuable PII that can be sold to other bad actors or ransomed for additional rewards after the initial incident. Finally, many healthcare providers use outdated security controls, which enables bad actors to deploy ransomware through standard attack vectors such as phishing.

At, we regularly work with ransomware victims to resolve attacks and mitigate threats. We strongly recommend taking immediate steps when an attack occurs:

  • Contact a professional cybersecurity firm. The first steps are critical; as the HPHC attack shows, ransomware can be deployed over the course of several days, and the infected systems must be isolated as quickly as possible.
  • Don’t pay the ransom. In some situations, paying for ransomware may be illegal. Even when this isn’t the case, paying the ransom does not guarantee that your data will be restored.
  • Provide all employees with appropriate training for recognizing phishing attempts. Engage in regular security audits and penetration (PEN) testing to identify and resolve potential attack vectors.
  • Keep documentation. By accurately identifying the infected systems, the file types/names of compromised data, and the demands of the ransomware group, you can work more effectively with cybersecurity experts to resolve the threat.

If you’re victimized by ransomware, we’re here to help. provides ransomware investigation and remediation, along with PEN testing and other essential disaster recovery services. To learn more, call 1-800-237-4200 or submit a case online.