Health Care Data Breach Exposes Personal Information Of Two Million People
Two million people who sought care at 56 Shields Health Care Group partners across the New England region may have had their personal data exposed after the company’s network server was breached in March. This breach is the largest of the year in healthcare, according to the U.S. Department of Health and Human Services Office for Civil Rights’ breach portal.
Shields, which provides management and imaging services for health care facilities, said in a statement posted on its website that it “became aware of suspicious activity” on its network on March 28 and launched an investigation to determine the full scope of the incident.
The examination of log files showed that the hackers had access to Shields’ systems from March 7, 2022, to March 21, 2022, allowing them to potentially access data containing the following patient information:
- Full name
- Social Security number
- Date of birth
- Home address
- Provider information
- Billing information
- Insurance number and information
- Medical record number
- Patient ID
- Other medical or treatment information
The above information can be used for social engineering, phishing, scamming, and even extortion, depending on the case, and is generally considered extremely sensitive information.
Typically, stolen information of this kind is bartered privately and used in small-scale, targeted attacks before it is resold to lower-tier threat actors who engage in bulk exploitation.
With help from third-party forensic specialists, the company said it took “immediate steps” to contain the incident and find out how it happened but it waited almost two months after the breach was confirmed to begin to notify patients.
|Shields Partner Facilities Impacted By Data Breach|
|Baystate Health Urgent Care, LLC||Baystate MRI & Imaging Center, LLC|
|Brighton Imaging Center, LLC||Cape Cod CT Services, LLC|
|Cape Cod Imaging Services, LLC (a business associate to Falmouth Hospital Association, Inc)||Cape Cod PET/CT Services, LLC|
|Cape Cod Radiation Therapy Service, LLC||Central Maine Medical Center|
|Emerson Hospital||Fall River/New Bedford Regional MRI Limited Partnership|
|Falmouth Hospital Association, Inc.||Franklin MRI Center, LLC|
|Lahey Clinic MRI Services, LLC||Massachusetts Bay MRI Limited Partnership|
|Mercy Imaging, Inc.||MRI/CT of Providence, LLC|
|Newton-Wellesley MRI Limited Partnership||NW Imaging Management Company, LLC (a business associate to Newton Wellesley Orthopedic Associates, Inc.)|
|Newton-Wellesley Imaging, PC||Newton Wellesley Orthopedic Associates, Inc.|
|Northern MASS MRI Services, Inc.||PET-CT Services by Tufts Medical Center and Shields, LLC|
|Shields and Sports Medicine Atlantic Imaging Management Co, LLC (a business associate SportsMedicine Atlantic Orthopaedics P.A.)||Shields CT of Brockton, LLC|
|Shields Imaging at Anna Jaques Hospital, LLC||Shields Healthcare of Cambridge, Inc.|
|Shields Imaging at University Hospital, LLC||Shields Imaging at York Hospital, LLC|
|Shields Imaging Management at Emerson Hospital, LLC (a business associate to Emerson Hospital)||Shields Imaging of Eastern Mass, LLC|
|Shields Imaging of Lowell General Hospital, LLC||Shields Imaging of Portsmouth, LLC|
|Shields Imaging with Central Maine Health, LLC (a business associate to Central Maine Medical Center)||Shields Management Company, Inc.|
|Shields MRI & Imaging Center of Cape Cod, LLC||Shields MRI of Framingham, LLC|
|Shields PET/CT at CMMC, LLC||Shields PET_CT at Berkshire Medical Center, LLC|
|Shields PET-CT at Cooley Dickinson Hospital, LLC||Shields PET-CT at Emerson Hospital, LLC|
|Shields Radiology Associates, PC||Shields Signature Imaging, LLC|
|Shields Sturdy PET-CT, LLC||Shields-Tufts Medical Center Imaging Management, LLC (a business associate to Tufts Medical Center, Inc.)|
|South Shore Regional MRI Limited Partnership||Southeastern Massachusetts Regional MRI Limited Partnership|
|SportsMedicine Atlantic Orthopaedics P.A.||Tufts Medical Center, Inc.|
|Tufts Medical Center, Inc.||UMass Memorial MRI – Marlborough, LLC|
|UMass Memorial MRI & Imaging Center, LLC||Winchester Hospital / Shields MRI, LLC|
|Radiation Therapy of Southeastern Massachusetts, LLC||Radiation Therapy of Winchester, LLC|
|South Suburban Oncology Center Limited Partnership||Shields Imaging of North Shore, LLC|
Investigation Launched Into Data Exposed By Data Breach
Shields only recently began notifying victims of the incident. Due to the lapse in time between the breach and the notice to affected patients, hackers may have already been able to acquire and sell sensitive information and otherwise benefit from the fraudulent misuse of such information. Some individuals affected by the Shields data breach may have noticed one or more of the following types of fraudulent activity related to their personal or healthcare information: unauthorized credit card charges, requests for loans or benefits in a patient’s name without their consent, fake medical procedures ordered, and/or disrupted use of the institution’s website or patient portal.