Point32Health, a non-profit healthcare insurance provider with over two million customers, was hit by a ransomware attack on Monday that forced the company to take its systems offline. The attack affected systems used for member services, accounts, brokers, and providers.
Point32Health, the result of a merger between Tufts Health Plan and Harvard Pilgrim Health Care, initiated an investigation and contacted law enforcement after the incident. The healthcare organization confirmed that it is working to restore its impacted systems and is providing workarounds for members to receive the services they need while the investigation is ongoing.
Not all of Point32Health’s businesses appear to be affected by the attack, which was mostly limited to Harvard Pilgrim Health Care, which serves over 1.1 million members.
The statement posted on Point32Health’s website advised customers requiring urgent assistance to contact the member services number listed on their ID cards. The exact scale of the attack and the data compromised are still unknown, and no ransomware group has claimed responsibility yet.
The attack disrupted access to healthcare services for a potentially large number of customers and might have compromised highly sensitive data. The healthcare industry has been increasingly targeted by ransomware over the past three years, a trend that has been the subject of multiple government advisories and attention from technology companies.
Earlier this month, Microsoft announced that it had obtained a court order to curb illegal use of Cobalt Strike, which the vendor said has been used in over 68 ransomware attacks affecting healthcare organizations.