In a class action lawsuit filed last week, the insurance company Harvard Pilgrim Health Care was sued by one of its customers’ providers and its parent company, Point32Health, for failing to protect the personal information of its customers in a massive data breach that affected 2.5 million people. .
Attorneys for Valeria Salerno Gonzalez, a client of HPHC, said the health care organization and Point32Health “intentionally, intentionally, recklessly or recklessly” failed to secure personal health and identity information and that the company failed to take appropriate action. To prevent data breaches.
HPHC is not part of Harvard University, but it was. It was founded by the former dean of Harvard Medical School, maintains the HMS connection and covers many Harvard affiliates. In 2000, when he was at Harvard He participates in the discussion to save the insurance company After incurring huge losses, the university[asserted] Rights to Use the Harvard Pilgrim Name” Massachusetts He was accused of continuing to allow HPHC To use the Harvard name.
HPHC’s parent company, Point32Health, was created as a result of HPHC’s 2021 merger with Tufts Health Plan. Point32Health is the second largest insurer in Massachusetts with 2.4 million customers.
HPHC warned customers last month that “data was copied from our Harvard Pilgrim system between March 28, 2023 and April 17, 2023,” prompting complaints — and now a lawsuit. The breach, according to the company, compromised a large amount of personal information, including names, addresses, social security numbers and health information.
“We want to assure you that we are taking this incident very seriously, and we sincerely regret any inconvenience this incident may cause,” the HPHC statement said.
In the four-count, 32-page lawsuit, Gonzalez’s attorneys — who want to file a jury trial — allege that HPHC and Point32Health’s “deliberate failure to fulfill their responsibilities” amounted to “mistakes in light of expectations, recklessness and gross negligence.” Hazards and known risks.
“As a proximate and foreseeable result of Defendants’ grossly negligent conduct, Plaintiff and Class Members have suffered injury and are at risk of further injury and damage,” the lawsuit reads.
The suit alleges that customers suffered identity theft and other damages as a result of HPHC and Point32Health’s breach of contract, and that HPHC and Point32Health “breached their covenant of good faith and fairness.” Negotiating at the expense of their clients and “were unjustly enriched”.
“We have made significant progress in bringing our systems online and processing various transactions,” Point32Health spokeswoman Kathleen Makela wrote in a statement to The Crimson.
“We expect more core functions and equipment to come back online over the next few weeks,” she added.
Makela indicated the distribution of payments for claims made before the event, the resumption of information sharing with partners and the implementation of additional security and detection measures.
Attorneys for Gonzales did not respond to requests for comment.
-Staff Secretary Raheem D. Hamid can be contacted. firstname.lastname@example.org.