Point32 Health Gets Hit By a Ransomware Attack: Patients May Be Exposed
Table of Contents
- By Steven
- Published: Apr 27, 2023
- Last Updated: Mar 30, 2025
Point32Health is a health company based in Canton, Massachusetts. This company oversees a variety of different health plans and is responsible for maintaining health care for some key universities. For example, the company manages Tufts Health Plan, Harvard Pilgrim Health, and Integra Partners, to name a few. The business employs more than 1,100 people and generates over $9.4 billion in revenue annually.
How Did the Attack Occur?
On April 23, 2023, Point32Health had a software update to patch a security vulnerability that enabled hackers to launch a ransomware attack on the company. The attack was designed to extract as much data as possible from the company, but it's still unclear exactly what the attackers were able to learn through their efforts. The breach is being investigated to determine what security risks have occurred, if any at all. It's likely that the attackers broke in through a security vulnerability in the file network at Point32Health. If this is the case, the business must take measures to patch up the vulnerability and reduce the issue of such an attack occurring again in the future.
What Information Was Viewed or Stolen?
While we still don't know what information was taken from Point32Health servers, we know the company was housing a great deal of data for different health organizations. If the attackers were able to get into the data for patients for some of those facilities, a substantial amount of personal and health information would be at risk overall. It's possible that medical record information, insurance details, home address, Social Security numbers, and more were exposed in this breach, but we don't have the specific details to know for sure.
How Did Business Admit to the Breach?
Point32Health put up a message updating its business associates and users about the attack that occurred on its systems. The company explained that a ransomware attack may have occurred and gave details about some of the medical facilities it works with. The business didn't explain what information was stolen specifically because investigations are still ongoing.
What Will Become of the Stolen Information?
If medical and personal information was taken from patients stored in that file network, the data will be used for identity theft attacks. The information will likely be sold off to other people that are interested and may be used to conduct phishing attacks via email as well. Between all these different methods, there are many ways the attackers can leverage the data in harmful ways.
What Should Affected Parties Do in the Aftermath of the Breach?
If Point32Health patients were exposed in this breach, the company would be required to send out individual notices to everyone involved explaining how their data was put at risk. If you receive a notice, you should monitor your credit and financial accounts and avoid giving information through your email to people that you don't trust. If you follow these steps, you should be able to avoid most of the risks imposed on you by this data breach.
