2 Million Patients Affected by Shields Health Care Group Cyberattack

The protected health information (PHI) of approximately 2 million persons was possibly exposed in a cyberattack on Shields Health Care Group. Shields Health Care Group based in Massachusetts offers ambulatory surgical center administration and medical imaging services across New England. The group discovered suspicious activity inside its system on March 28, 2022. Prompt action was done to secure its network and avert more unauthorized access. Third-party forensics experts helped with the investigation and identified the nature and extent of the security breach.

The forensic investigation confirmed that an unauthorized person acquired access to some Shields systems between March 7, 2022 and March 21, 2022. Shields mentioned that a security notification was prompted on March 18, 2022, which on investigation did not seem to have been a data breach back then. From then on, it was affirmed that during that time of access, selected data was extracted from its networks. Shields stated it didn’t know about any incidents of actual or attempted patient data misuse.

An evaluation of the files that were taken from its systems or might have been viewed by unauthorized people showed that these types of information were affected: Complete name, Social Security number, date of birth, home address, provider data, diagnosis, billing details, insurance number and data, patient ID, medical record number, and other health or treatment data. Shields is still going over the impacted data and will send notices to affected persons on behalf of all impacted facility associates as soon as that review is done.

After discovering the attack, prompt action was undertaken to protect its system and records, a number of systems were rebuilt, and extra safety measures were enforced to better safeguard patient information. Cybersecurity procedures will be assessed and upgraded to better secure information privacy.

The breach is now posted on the HHS’ Office for Civil Rights Breach portal as impacting 2,000,000 people. Shields mentioned that those persons had gotten services at the 56 affected facility partners shown below:

  • Cape Cod Radiation Therapy Service, LLC
  • Central Maine Medical Center
  • Cape Cod Imaging Services, LLC (a Falmouth Hospital Association, Inc business associate)
  • Cape Cod PET/CT Services, LLC
  • Emerson Hospital
  • Falmouth Hospital Association, Inc.
  • Franklin MRI Center, LLC
  • Fall River/New Bedford Regional MRI Limited Partnership
  • Lahey Clinic MRI Services, LLC
  • Mercy Imaging, Inc.
  • Massachusetts Bay MRI Limited Partnership
  • MRI/CT of Providence, LLC
  • Newton-Wellesley Imaging, PC
  • Newton-Wellesley MRI Limited Partnership
  • Newton Wellesley Orthopedic Associates, Inc.
  • Northern MASS MRI Services, Inc.
  • NW Imaging Management Company, LLC (a business associate to Newton Wellesley Orthopedic Associates, Inc.)
  • PET-CT Services by Tufts Medical Center and Shields, LLC
  • Radiation Therapy of Winchester, LLC
  • Radiation Therapy of Southeastern Massachusetts, LLC
  • Shields and Sports Medicine Atlantic Imaging Management Co, LLC (a business associate SportsMedicine Atlantic Orthopaedics P.A.)
  • Shields Healthcare of Cambridge, Inc.
  • Shields Imaging at Anna Jaques Hospital, LLC
  • Shields CT of Brockton, LLC
  • Shields Imaging of Portsmouth, LLC
  • Shields Imaging with Central Maine Health, LLC (a business associate to Central Maine Medical Center)
  • Shields Imaging at University Hospital, LLC
  • Shields Imaging at York Hospital, LLC
  • Shields Imaging of Lowell General Hospital, LLC
  • Shields Imaging Management at Emerson Hospital, LLC (a business associate to Emerson Hospital)
  • Shields Imaging of Eastern Mass, LLC
  • Shields Imaging of North Shore, LLC
  • Shields Management Company, Inc.
  • Shields MRI & Imaging Center of Cape Cod, LLC
  • Shields Signature Imaging, LLC
  • Shields Sturdy PET-CT, LLC
  • Shields PET_CT at Berkshire Medical Center, LLC
  • Shields MRI of Framingham, LLC
  • Shields PET/CT at CMMC, LLC
  • Shields PET-CT at Cooley Dickinson Hospital, LLC
  • Shields PET-CT at Emerson Hospital, LLC
  • Shields Radiology Associates, PC
  • Shields-Tufts Medical Center Imaging Management, LLC (a business associate to Tufts Medical Center, Inc.)
  • South Suburban Oncology Center Limited Partnership
  • Southeastern Massachusetts Regional MRI Limited Partnership
  • South Shore Regional MRI Limited Partnership
  • SportsMedicine Atlantic Orthopaedics P.A.
  • Tufts Medical Center, Inc.
  • UMass Memorial HealthAlliance MRI Center, LLC
  • UMass Memorial MRI & Imaging Center, LLC
  • UMass Memorial MRI – Marlborough, LLC
  • Winchester Hospital / Shields MRI, LLC