BOSTON, MASSACHUSETTS - Brigham and Women's Physician Organization, Inc. ("BWPO"), a member of Mass General Brigham Incorporated (MGB) is notifying individuals of an incident it recently became aware of involving some patients' personal information. This notification is in follow-up to an incident which occurred at Harvard Pilgrim Health Care (Harvard Pilgrim) last year. [BWPO does not own or operate Harvard Pilgrim.]
On January 29, 2024, Harvard Pilgrim informed BWPO that they discovered a file from 2019 on a Harvard Pilgrim server that contained a limited amount of BWPO patient data. An employee of Harvard Pilgrim Health Care Institute, who was also a part-time employee of BWPO, backed up the contents of their laptop in 2019 to Harvard Pilgrim's systems. Unfortunately, Harvard Pilgrim determined that this 2019 file had been accessed by an unauthorized third party in connection with a cybersecurity ransomware incident at Harvard Pilgrim. According to Harvard Pilgrim, on April 17, 2023, it discovered that it was the victim of a cybersecurity ransomware incident between March 28, 2023, and April 17, 2023, that impacted its systems.
This incident did not occur on BWPO or MGB systems or network.
