NH residents file class action lawsuits against Harvard Pilgrim over data breach
After an April cybersecurity incident compromised millions of customers’ data, some of those affected are taking legal action.
Two New Hampshire residents are suing Harvard Pilgrim Health Care over a recent data breach.
In two separate class action lawsuits, they allege that Harvard Pilgrim and its parent company, Point32Health, failed to protect customer information by providing adequate cyber security. An April ransomware attack compromised the sensitive data of 2.5 million people, according to a disclosure filed with the federal government. The incident exposed information like their Social Security numbers, full names, addresses, phone numbers, dates of birth, provider taxpayer identification numbers and medical histories.
The lawsuits also claim it took the company too long to detect the cyber attack and notify customers, leaving impacted users vulnerable to identity theft and fraud.
One of the people suing the insurer works at St. Paul’s School in Concord and receives her health insurance through the school, according to her lawsuit. She claims she experienced $250 worth of credit card fraud after the incident.
In a separate lawsuit, another New Hampshire resident said she has experienced stress and other ailments due to the data breach, as well as an increase in spam texts and phone calls.
The New Hampshire residents aren’t alone in pursuing legal action against the insurer due to the data breach. Massachusetts residents filed two additional lawsuits. All four of the lawsuits have been filed in the U.S. District Court for the District of Massachusetts.
In a statement, Point32Health said they have started to notify impacted individuals.
“Due to the systems outage we were not able to directly communicate with our members as contact information was not accessible,” Kathleen Makela, Director of Public Relations for Point32Health, wrote in a statement to NHPR.
Makela said they tried to use other channels — like their website, notices to employers or brokers, and press releases — to let people know that they were offering credit monitoring in response to the incident.
She said Point32Health will begin mailing notifications to people who were potentially affected by June 15.
This article is being shared by partners in The Granite State News Collaborative. For more information visit collaborativenh.org.