Harvard Health Plan class action claims data breach affects 2.5M patients

Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.

Harvard Health Plan data breach class action lawsuit overview: 

• Who: Valeria Salerno Gonzales filed a class action lawsuit against Harvard Pilgrim Health Care Inc. and Point32Health Inc. 
• Why: Gonzales claims Harvard Pilgrim failed to properly safeguard and secure the private information of more than 2.5 million Harvard Health Plan participants during a March data breach. 
• Where: The class action lawsuit was filed in Massachusetts federal court.

Harvard Pilgrim Health Care failed to properly safeguard and secure the personally identifiable information (PII) and protected health information (PHI) of more than 2.5 million health plan participants from potentially being compromised during a March data breach. 

Plaintiff Valeria Salerno Gonzales claims Harvard Pilgrim “disregarded the rights” of its health plan participants by “intentionally, willfully, recklessly, or negligently failing to take and implement adequate and reasonable measures,” to protect their data. 

Gonzales argues Harvard Pilgrim also failed to “take available steps to prevent unauthorized disclosure of data” and failed to follow “applicable, required and appropriate protocols, policies and procedures regarding the encryption of data, even for internal use.” 

“As a result, the PHI/PII of Plaintiff and Class Members was compromised through disclosure to an unknown and unauthorized third party,” the Harvard Health Plan class action states. 

Gonzales wants to represent a nationwide class and Massachusetts subclass of all individuals who had their PHI, PII and/or financial information exposed to unauthorized third parties during the Harvard Pilgrim data breach between March 28, 2023, and April 17, 2023. 

Harvard Health Plan participants anxious over potential effect of data breach, class action says

Information potentially exposed during the Harvard Pilgrim data breach included names, phone numbers, birthdates, Social Security numbers, physical addresses, clinical information and medical histories, among other things, according to the Harvard Health plan class action. 

“Plaintiff, as a result of the Data Breach, has increased anxiety for their loss of privacy and anxiety over the impact of cybercriminals accessing, using, and selling their PHI/PII and/or financial information,” the Harvard Health Plan class action states. 

Gonzales claims Harvard Pilgrim is guilty of unjust enrichment, breach of implied covenant of good faith and fair dealing, breach of implied contract and negligence. 

The plaintiff is demanding a jury trial and requesting declaratory and injunctive relief along with an award of actual, nominal, and consequential damages for herself and all class members. 

A number of companies — including Verizon, Microsoft, U.S. Bank and Dropbox, among others — suffered data breaches last year that exposed consumers’ PII or PHI. 

Were you affected by the Harvard Health Plan data breach? Let us know in the comments.

The plaintiff is represented by James J. Reardon of Reardon Scanlon LLP and Kevin Laukaitis of Laukaitis Law LLC. 

The Harvard Health Plan class action lawsuit is Gonzales, et al. v. Harvard Pilgrim Health Care Inc., et al., Case No. 1:23-cv-11286, in the U.S. District Court for the District of Massachusetts.

Read About More Class Action Lawsuits & Class Action Settlements:

• Mercer University class action claims data breach compromised data of over 93K individuals
• Minnesota Dept. of Education hit with data breach affecting 95,000 students
• T-Mobile retailer suffers data breach affecting potentially thousands of customers
• Hacking group targets file transfer tool, leading to major data breaches, government warns