The largest and most technically advanced network of medical imaging and diagnostic treatment facilities in New England experienced a cybersecurity breach that impacted their patients at more than 40 locations. Shields Health Care Group is a family-owned-and-operated imaging business with all locations ACR certified. They provide MRI, PET/CT, and ambulatory surgical services to patients throughout New England.
Shields Health Care Group recently notified over two million people of a cybersecurity attack in March. Shields published the notice of data security incident on their website.
The timeframe of the cybersecurity attack was March.
- Shields identified and investigated a security threat on or around March 18. Data theft was not confirmed.
- On March 28, Shields was alerted to suspicious activity — indicating compromised data.
- Shields launched an investigation and found that an unknown entity had gained access to certain data from March 8, 2022, to March 21, 2022.
Shields Health Care Group reported that potentially impacted data may include:
- Full name
- Social security number
- Date of birth
- Home address
- Provider information
- Billing information
- Insurance number and information
- Medical record number
- Patient ID
- Other medical or treatment information
Shields notified the Department of Health and Human Services (HHS) in late May, and HHS added this breach to their database the first full week of June.
In a statement on the provider’s website, they say, “Shields takes the confidentiality, privacy, and security of information in our care seriously. Upon discovery, we took steps to secure our systems, including rebuilding certain systems, and conducted a thorough investigation to confirm the nature and scope of the activity and to determine who may be affected.
Facility partners include Central Maine Medical Center, Emerson Hospital, Tufts Medical Center, Inc., UMass Memorial, and more than 40 other healthcare facilities in New England. Shields Health Care Group is based in Quincy, MA.