The IT Nerd

Point32Health Gets Pwned… And The Way They Handled Disclosing It Is Suboptimal


New England-based Point32Health, the parent company for both Tufts Health Plan and Harvard Pilgrim Health Care, confirmed they experienced a ransomware incident on Monday. The attack affected systems it uses to service members, accounts, brokers and providers.

Patients reported issues accessing the system as far back as last Thursday and as of yesterday, the web site remained down. The company did not confirm the technical problems were a ransomware attack until their statement issued on Wednesday.

   “On April 17, Point32Health identified a cybersecurity ransomware incident that impacted systems we use to service members, accounts, brokers and providers. At this time, most systems impacted are on the Harvard Pilgrim Health Care side of our business. After detecting the unauthorized party, and out of an abundance of caution, we proactively took certain systems offline to contain the threat. We have notified law enforcement and regulators, and are working with third-party cybersecurity experts to conduct a thorough investigation into this incident and remediate the situation.”

Roy Akerman, Co-Founder & CEO, Rezonate, had this to say:

   “Attackers continue to target Health Care businesses mainly for two reasons: the first, the criticality of restoring business operation is of first degree. It has a direct impact on life-saving operations and critical telemetry both doctors and patients are in need of. Second, Health Care PII (Personally Identifiable Information) is in high demand on malicious forums and the dark web. While a compromised credit card goes on sale for $1.99, an unreplaceable “human print” remains the highest cost, and respectively value, for the attacker to use and compromise.

   “Together, alongside a distributed and dynamic infrastructure as we usually encounter with Health Care providers, protecting the infrastructure and at the same time being ready to react fast remains a challenge.

   “While info about the initial access techniques into how the attacker was able to deploy the ransomware and propagate across the network, methods have not changed, and we believe that the same common techniques as seen recently used by leading ransomware groups will be similar here as well.”

The way that this was disclosed by Point32Health was suboptimal, seeing as problems were seen last week. It really seems, based on the available facts, that they were hoping to get this sorted and not admit to anything. But they were ultimately forced to. I don’t know if that is actually the case, but Point32Health needs to explain this better than they have. Otherwise the trust level that patients have with Point32Health will nosedive.
