www.point32health.org Open in urlscan Pro
20.232.218.239  Public Scan

Form analysis
1 forms found in the DOM

GET https://www.point32health.org/provider/

<form role="search" method="get" class="search-form" action="https://www.point32health.org/provider/">
  <label for="search-form-646cf97b5d262">
    <span class="screen-reader-text">Search for:</span>
  </label>
  <input type="search" id="search-form-646cf97b5d262" class="search-field" placeholder="Search …" value="" name="s">
  <button type="submit" class="search-submit"><svg class="icon icon-search" aria-hidden="true" role="img">
      <use xlink:href="#icon-search"></use>
    </svg><span class="screen-reader-text">Search</span></button>
</form>

Text Content

Skip to content
Point32Health Provider
Toggle Menu
 * Home
 * Integration FAQ
 * News
 * Click to expand Provider Training
   * Provider Training
   * Webinars and interactive training sessions

 * Harvard Pilgrim Health Care Login
 * Tufts Health Plan Login

Search
Search for: Search


POINT32HEALTH RANSOMWARE INCIDENT UPDATE: PROVIDER IMPACT

This notice serves to provide you with an update on our ransomware incident that
took place on April 17.  We are continuing our active investigation and
conducting extensive system reviews and analysis before we can resume our normal
business operations. Unfortunately, the investigation identified signs that data
was copied and taken from our Harvard Pilgrim Health Care (“Harvard Pilgrim”)
systems between March 28, 2023, and April 17, 2023. We determined that the files
at issue may contain personal information and/or protected health information
for current and former subscribers and dependents and current contracted
providers.

We want to assure you that we take the privacy and security of the data
entrusted to us very seriously, and we deeply regret any inconvenience this
incident may cause.

What Happened

On April 17, Harvard Pilgrim discovered a cybersecurity ransomware incident that
impacted systems that support Harvard Pilgrim Health Care (HPHC) Commercial and
Medicare Advantage StrideSM plans (HMO)/(HMO-POS). We are working with
third-party cybersecurity experts to conduct a thorough investigation into this
incident and remediate the situation.

What Information Was Involved

The personal information in the files at issue may include your name, Social
Security number, and taxpayer identification number. We are not aware of any
misuse of your personal information or protected health information as a result
of this incident.

What We Are Doing

As explained above, we took immediate steps to secure our systems and engaged
third-party forensic experts to assist in the investigation. Further, in
response to this incident, we implemented and/or are continuing to implement
additional cybersecurity safeguard to our existing robust infrastructure to
better minimize the likelihood of this type of event occurring again.

Additionally, we are providing you with the opportunity to register for two (2)
years of complimentary credit monitoring and identity protection services
through IDX. Although we are making these services available to you, we are
unable to enroll you directly. For enrollment instructions, please review the
information below, Steps You Can Take to Protect Personal Information.

What You Can Do

We recommend that you remain vigilant, monitor and review all of your financial
and account statement, and report any unusual activity to the institution that
issued the record and to law enforcement. You may also review the guidance
contained in Steps You Can Take to Protect Personal Information.

For More Information

The security of your protected health information is a top priority for us. We
sincerely regret this incident occurred and for any concern it may cause you. We
understand that you may have additional questions. For assistance with questions
regarding this incident, please call our dedicated call center, IDX, at (888)
220-5517. Representatives are available between the hours of 9:00 am to 9:00 pm
Eastern time, Monday through Friday (excluding U.S. holidays).

In addition to this notification about your data, we want to make you aware that
we are notifying current and former subscribers and dependents whose information
may have been potentially impacted.


STEPS YOU CAN TAKE TO PROTECT YOUR PERSONAL INFORMATION

Services Being Offered by Harvard Pilgrim

Enrollment Code: QE3U9P6XL

Go to https://response.idx.us/HPHC and follow the instructions for enrollment
using your Enrollment Code above. Additionally, you may call the IDX call center
at (888) 220-5517 (toll free), Monday through Friday from 9:00 a.m. to 9:00 p.m.
ET, excluding U.S. holidays.

Other Steps You Can Take to Monitor your Accounts

Under U.S. law, a consumer is entitled to one free credit report annually from
each of the three major credit reporting bureaus, Equifax, Experian, and
TransUnion. To order a free credit report, visit www.annualcreditreport.com or
call, toll-free, 1-877-322-8228. Consumers may also directly contact the three
major credit reporting bureaus listed below to request a free copy of their
credit report.

Consumers have the right to place an initial or extended “fraud alert” on a
credit file at no cost. An initial fraud alert is a 1-year alert that is placed
on a consumer’s credit file. Upon seeing a fraud alert display on a consumer’s
credit file, a business is required to take steps to verify the consumer’s
identity before extending new credit. If consumers are the victim of identity
theft, they are entitled to an extended fraud alert, which is a fraud alert
lasting seven years. Should consumers wish to place a fraud alert, please
contact any of the three major credit reporting bureaus listed below.

As an alternative to a fraud alert, consumers have the right to place a “credit
freeze” on a credit report, which will prohibit a credit bureau from releasing
information in the credit report without the consumer’s express authorization. A
security freeze essentially blocks any potential creditors from being able to
view or pull your credit file unless you affirmatively unfreeze or thaw your
file beforehand.  Having a freeze in place does nothing to  prevent you from
using existing lines of credit you may already have, such as credit, mortgage
and bank accounts.  When you place a freeze, each credit bureau will assign you
a personal identification number (PIN) that needs to be supplied when you open a
new line of credit.  When that time comes, consumers can temporarily thaw a
freeze for a specified duration either online or by phone. However, consumers
should be aware that using a credit freeze to take control over who gets access
to the personal and financial information in their credit report may delay,
interfere with, or prohibit the timely approval of any subsequent request or
application they make regarding a new loan, credit, mortgage, or any other
account involving the extension of credit. Pursuant to federal law, consumers
cannot be charged to place or lift a credit freeze on their credit report. To
request a credit freeze, individuals may need to provide some or all of the
following information:

 1. Full name (including middle initial as well as Jr., Sr., II, III, etc.);
 2. Social Security number;
 3. Date of birth;
 4. Addresses for the prior two to five years;
 5. Proof of current address, such as a current utility bill or telephone bill;
 6. A legible photocopy of a government-issued identification card (state
    driver’s license or ID card, etc.); and
 7. A copy of either the police report, investigative report, or complaint to a
    law enforcement agency concerning identity theft if they are a victim of
    identity theft.

Should consumers wish to place a credit freeze or fraud alert, please contact
the three major credit reporting bureaus listed below:

scroll right scroll left



Equifax  Experian  TransUnion
https://www.equifax.com/personal/credit-report-services/
https://www.experian.com/help/ https://www.transunion.com/credit-help
1-888-298-0045 1-888-397-3742 1-800-916-8800 Equifax Fraud Alert, P.O. Box
105069 Atlanta, GA 30348-5069 Experian Fraud Alert, P.O. Box 9554, Allen, TX
75013 TransUnion Fraud Alert, P.O. Box 2000, Chester, PA 19016 Equifax Credit
Freeze, P.O. Box 105788 Atlanta, GA 30348-5788 Experian Credit Freeze, P.O. Box
9554, Allen, TX 75013 TransUnion Credit Freeze, P.O. Box 160, Woodlyn, PA 19094

 

Additional Information

Consumers may further educate themselves regarding identity theft, fraud alerts,
credit freezes, and the steps they can take to protect your personal information
by contacting the consumer reporting bureaus, the Federal Trade Commission, or
their state Attorney General. The Federal Trade Commission may be reached at:
600 Pennsylvania Avenue NW, Washington, D.C. 20580; www.identitytheft.gov;
1-877-ID-THEFT (1-877-438-4338); and TTY: 1-866-653-4261. The Federal Trade
Commission also encourages those who discover that their information has been
misused to file a complaint with them. Consumers can obtain further information
on how to file such a complaint by way of the contact information listed above.
Consumers have the right to file a police report if they ever experience
identity theft or fraud. Please note that in order to file a report with law
enforcement for identity theft, consumers will likely need to provide some proof
that they have been a victim. Instances of known or suspected identity theft
should also be reported to law enforcement and the relevant state Attorney
General. This notice has not been delayed by law enforcement.  The following is
information required by applicable state law:

For District of Columbia residents, the District of Columbia Attorney General
may be contacted at: 400 6th Street, NW, Washington, D.C. 20001; 202-727-3400;
and oag.dc.gov.

For Maryland residents, the Maryland Attorney General may be contacted at: 200
St. Paul Place, 16th Floor, Baltimore, MD 21202; 1-410-528-8662 or
1-888-743-0023; and https://www.marylandattorneygeneral.gov/.

For New Mexico residents, consumers have rights pursuant to the Fair Credit
Reporting Act, such as the right to be told if information in their credit file
has been used against them, the right to know what is in their credit file, the
right to ask for their credit score, and the right to dispute incomplete or
inaccurate information. Further, pursuant to the Fair Credit Reporting Act, the
consumer reporting bureaus must correct or delete inaccurate, incomplete, or
unverifiable information; consumer reporting agencies may not report outdated
negative information; access to consumers’ files is limited; consumers must give
consent for credit reports to be provided to employers; consumers may limit
“prescreened” offers of credit and insurance based on information in their
credit report; and consumers may seek damages from violators. Consumers may have
additional rights under the Fair Credit Reporting Act not summarized here.
Identity theft victims and active-duty military personnel have specific
additional rights pursuant to the Fair Credit Reporting Act. We encourage
consumers to review their rights pursuant to the Fair Credit Reporting Act by
visiting
www.consumerfinance.gov/f/201504_cfpb_summary_your-rights-under-fcra.pdf, or by
writing Consumer Response Center, Room 130-A, Federal Trade Commission, 600
Pennsylvania Ave. N.W., Washington, D.C. 20580.

For New York residents, the New York Attorney General may be contacted at:
Office of the Attorney General, The Capitol, Albany, NY 12224-0341;
1-800-771-7755; or https://ag.ny.gov.

For North Carolina residents, the North Carolina Attorney General may be
contacted at: 9001 Mail Service Center, Raleigh, NC 27699-9001; 1-877-566-7226
or 1-919-716-6000; and www.ncdoj.gov.

For Rhode Island residents, the Rhode Island Attorney General may be reached at:
150 South Main Street, Providence, RI 02903; www.riag.ri.gov; and
1-401-274-4400. Under Rhode Island law, individuals have the right to obtain any
police report filed in regard to this event.

© 2023 Point32Health, Inc.

 * Nondiscrimination Statement
 * Website Terms of Use
 * Privacy Policy
 * Accessibility Statement