- June 7, 2022
- No Comment
- 5 minutes read
2 Million Patients Affected by Shields Health Care Group Cyberattack – HIPAA Journal
Posted By HIPAA Journal on Jun 7, 2022
Share this article on:
The protected health information of up to 2 million individuals has potentially been compromised in a Shields Health Care Group cyberattack. Massachusetts-based Shields Health Care Group provides ambulatory surgical center management and medical imaging services throughout New England. On March 28, 2022, suspicious activity was detected within its network. Immediate action was taken to secure its network and prevent further unauthorized access, and third-party forensics specialists were engaged to assist with the investigation and determine the nature and scope of the security breach.
The forensic investigation determined that an unauthorized actor had access to certain Shields systems between March 7, 2022, to March 21, 2022. Shields said a security alert had been triggered on March 18, 2022, which was investigated, but at the time it did not appear that there had been a data breach. It has since been confirmed that during that period of access, certain data was removed from its systems. Shields said it has not been made aware of any cases of actual or attempted misuse of patient data.
A review of the files that were removed from its systems or may have been accessed by unauthorized individuals confirmed the following types of information were involved: Full name, Social Security number, date of birth, home address, provider information, diagnosis, billing information, insurance number and information, medical record number, patient ID, and other medical or treatment information. Shields is continuing to review the affected data and will issue notifications to affected individuals on behalf of all affected facility partners when that review has been completed.
When the attack was discovered, immediate action was taken to secure its network and data, certain systems have now been rebuilt, and additional safeguards have been implemented to better protect patient data. Cybersecurity measures will be reviewed and enhanced moving forward to ensure continued data security.
The HHS’ Office for Civil Rights Breach Portal has the breach listed as affecting 2,000,000 individuals. Shields said those individuals had received services at the following 56 facility partners:
Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.
HIPAA
Compliance
Checklist
Simple Guidelines
Immediate PDF Download
Immediate Access
Privacy Policy
HIPAA Journal provides the most comprehensive coverage of HIPAA news anywhere online, in addition to independent advice about HIPAA compliance and the best practices to adopt to avoid data breaches, HIPAA violations and regulatory fines. HIPAA Journal’s goal is to assist HIPAA-covered entities achieve and maintain compliance with state and federal regulations governing the use, storage and disclosure of PHI and PII.
Receive weekly HIPAA news directly via email
HIPAA News
Regulatory Changes
Breach News
HITECH News
HIPAA Advice
Email Never Shared
Cancel Any Time
Privacy Policy
Copyright © 2014-2022 HIPAA Journal. All rights reserved.