Background

In April 2023, health insurance carrier, Harvard Pilgrim Health Care discovered a cybersecurity ransomware attack affecting systems used to service members, accounts, brokers and providers.  Investigation revealed the files attackers copied from the Harvard Pilgrim systems, between March and April 2023, may have contained provider personal information.

While no personal provider information is submitted with individual patient service claims, personal information is required as part of the credentialing process when providers are connected to the practice Tax ID for billing.

Provider personal information, in files associated with this incident, may include the provider’s name and Social Security number. Harvard Pilgrim is not aware of any misuse of this information due to this incident.

Action

Harvard Pilgrim sent a letter to affected providers in late March 2024.   It is advised for providers to be on the lookout for this letter.  The letter provides important information on steps providers can take to protect their personal information. In addition, providers affected by this incident are being offered 2 years of complimentary credit monitory and identity protection services through IDX.  For assistance with questions regarding this incident individuals my call IDX at (888) 693-0709 or go to https://response.idx.us/HPHC.

Michele Krpata, BSW, CPC, CPMA

Compliance Officer, Quality Reporting Analyst