A Class Action Complaint (“Complaint”), has been filed against Defendants Harvard Pilgrim Health Care, Inc. (“Harvard Pilgrim”) and Point32Health, Inc. (“Point32”) (collectively, “Harvard Pilgrim” or “Defendants”) on behalf of members of its health plan for failure to properly secure and safeguard its members protected health information (“PHI”) and personally identifiable information (“PII ”) stored within Defendants’ information network and alleging as follows, based upon information and belief and investigation of counsel, except as to the allegations specifically pertaining to him, which is based on personal knowledge:

As alleged, Harvard Pilgrim breached its duty to protect the sensitive PHI/PII entrusted to it, and failed to abide by its own Privacy Policy. As such, Plaintiff bring this Class action on behalf of himself and the over 2.5 million other patients whose PHI/PII was accessed and exposed to unauthorized third parties during a data breach of Defendant’s system during the period from March 28, 2023, to April 17, 2023, which Harvard Pilgrim announced on or about May 23, 2023 (the “Data Breach”).

Indeed, Harvard Pilgrim did not inform its plan members or the public of the Data Breach until June 15, 2023, even though it became aware of the data breach on or about April 17, 2023.

Based on the public statements of Harvard Pilgrim to date, a wide variety of PHI/PII was implicated in the breach, including but not limited to, names, physical addresses, phone numbers, dates of birth, health insurance account information, Social Security numbers, provider taxpayer identification numbers, and clinical information (e.g., medical history, diagnoses, treatment, dates of service, and provider names).

As alleged, as a direct and proximate result of Harvard Pilgrim’s inadequate data security, and its breach of its duty to handle PHI/PII with reasonable care, Plaintiff’ PHI/PII has been accessed by hackers, posted on the dark web, and exposed to an untold number of unauthorized individuals.

Plan members are now at a significantly increased and certainly impending risk of fraud, identity theft, misappropriation of health insurance benefits, intrusion of health privacy, and similar forms of criminal mischief.

To learn more about this action, you are encouraged to contact Joshua Grabar at or call 267-507-6085.

Posted in

Grabar Law