Two Million Impacted By Shields Health Care Data Breach Featured

Health Care Data Breach Exposes Personal Information Of Two Million People

Two million people who sought care at 56 Shields Health Care Group partners across the New England region may have had their personal data exposed after the company’s network server was breached in March. This breach is the largest of the year in healthcare, according to the U.S. Department of Health and Human Services Office for Civil Rights’ breach portal.

Shields, which provides management and imaging services for health care facilities, said in a statement posted on its website that it “became aware of suspicious activity” on its network on March 28 and launched an investigation to determine the full scope of the incident.

The examination of log files showed that the hackers had access to Shields’ systems from March 7, 2022, to March 21, 2022, allowing them to potentially access data containing the following patient information:

  • Full name
  • Social Security number
  • Date of birth
  • Home address
  • Provider information
  • Diagnosis
  • Billing information
  • Insurance number and information
  • Medical record number
  • Patient ID
  • Other medical or treatment information

The above information can be used for social engineering, phishing, scamming, and even extortion, depending on the case, and is generally considered extremely sensitive information.

Typically, stolen information of this kind is bartered privately and used in small-scale, targeted attacks before it is resold to lower-tier threat actors who engage in bulk exploitation.

With help from third-party forensic specialists, the company said it took “immediate steps” to contain the incident and find out how it happened but it waited almost two months after the breach was confirmed to begin to notify patients.

Shields Partner Facilities Impacted By Data Breach
Baystate Health Urgent Care, LLCBaystate MRI & Imaging Center, LLC
Brighton Imaging Center, LLCCape Cod CT Services, LLC
Cape Cod Imaging Services, LLC (a business associate to Falmouth Hospital Association, Inc)Cape Cod PET/CT Services, LLC
Cape Cod Radiation Therapy Service, LLCCentral Maine Medical Center
Emerson HospitalFall River/New Bedford Regional MRI Limited Partnership
Falmouth Hospital Association, Inc.Franklin MRI Center, LLC
Lahey Clinic MRI Services, LLCMassachusetts Bay MRI Limited Partnership
Mercy Imaging, Inc.MRI/CT of Providence, LLC
Newton-Wellesley MRI Limited PartnershipNW Imaging Management Company, LLC (a business associate to Newton Wellesley Orthopedic Associates, Inc.)
Newton-Wellesley Imaging, PCNewton Wellesley Orthopedic Associates, Inc.
Northern MASS MRI Services, Inc.PET-CT Services by Tufts Medical Center and Shields, LLC
Shields and Sports Medicine Atlantic Imaging Management Co, LLC (a business associate SportsMedicine Atlantic Orthopaedics P.A.)Shields CT of Brockton, LLC
Shields Imaging at Anna Jaques Hospital, LLCShields Healthcare of Cambridge, Inc.
Shields Imaging at University Hospital, LLCShields Imaging at York Hospital, LLC
Shields Imaging Management at Emerson Hospital, LLC (a business associate to Emerson Hospital)Shields Imaging of Eastern Mass, LLC
Shields Imaging of Lowell General Hospital, LLCShields Imaging of Portsmouth, LLC
Shields Imaging with Central Maine Health, LLC (a business associate to Central Maine Medical Center)Shields Management Company, Inc.
Shields MRI & Imaging Center of Cape Cod, LLCShields MRI of Framingham, LLC
Shields PET/CT at CMMC, LLCShields PET_CT at Berkshire Medical Center, LLC
Shields PET-CT at Cooley Dickinson Hospital, LLCShields PET-CT at Emerson Hospital, LLC
Shields Radiology Associates, PCShields Signature Imaging, LLC
Shields Sturdy PET-CT, LLCShields-Tufts Medical Center Imaging Management, LLC (a business associate to Tufts Medical Center, Inc.)
South Shore Regional MRI Limited PartnershipSoutheastern Massachusetts Regional MRI Limited Partnership
SportsMedicine Atlantic Orthopaedics P.A.Tufts Medical Center, Inc.
Tufts Medical Center, Inc.UMass Memorial MRI – Marlborough, LLC
UMass Memorial MRI & Imaging Center, LLCWinchester Hospital / Shields MRI, LLC
Radiation Therapy of Southeastern Massachusetts, LLCRadiation Therapy of Winchester, LLC
South Suburban Oncology Center Limited PartnershipShields Imaging of North Shore, LLC

Investigation Launched Into Data Exposed By Data Breach

Shields only recently began notifying victims of the incident. Due to the lapse in time between the breach and the notice to affected patients, hackers may have already been able to acquire and sell sensitive information and otherwise benefit from the fraudulent misuse of such information. Some individuals affected by the Shields data breach may have noticed one or more of the following types of fraudulent activity related to their personal or healthcare information: unauthorized credit card charges, requests for loans or benefits in a patient’s name without their consent, fake medical procedures ordered, and/or disrupted use of the institution’s website or patient portal.

Case Status: Open – Not Accepting New Clients


Leave a Reply

Your email address will not be published. Required fields are marked *