2 Million Patients Affected by Shields Health Care Group Cyberattack

The protected health information (PHI) of around 2 million people was potentially compromised in a cyberattack on Shields Health Care Group. Shields Health Care Group based in Massachusetts provides ambulatory surgical center management and medical imaging services all over New England. The group detected suspicious activity within its network on March 28, 2022. Fast action was done to secure its system and stop continuing unauthorized access. Third-party forensics professionals assisted with the investigation and confirmed the nature and magnitude of the security breach.

The forensic investigation revealed that an unauthorized individual got access to some Shields systems from March 7, 2022 to March 21, 2022. Shields stated that a security advisory was activated on March 18, 2022, which upon investigation did not appear to have been a data breach at the time. Since then, it was confirmed that throughout that period of access, selected data was taken from its systems. Shields mentioned it didn’t know of any instances of attempted or actual patient data misuse.

An analysis of the files that were extracted from its systems or may have been accessed by unauthorized persons revealed that the following types of information were impacted: Full name, Social Security number, birth date, home address, provider data, diagnosis, billing details, insurance number and details, medical record number, patient ID, and other medical or treatment data. Shields is still reviewing the affected data and will issue breach notifications to impacted people on behalf of all affected facility partners after that review is finished.

After the discovery of the attack, quick action was undertaken to protect its network and records, selected systems were rebuilt, and more safeguards were put in place to better secure patient information. Cybersecurity steps will be evaluated and improved for better, continuing information safety.

The breach is already listed on the HHS’ Office for Civil Rights Breach website as affecting 2,000,000 persons. Shields stated that those people had received treatment at the 56 facility partners listed below:

  • Cape Cod Imaging Services, LLC (a Falmouth Hospital Association, Inc business associate)
  • Cape Cod Radiation Therapy Service, LLC
  • Cape Cod PET/CT Services, LLC
  • Central Maine Medical Center
  • Emerson Hospital
  • Falmouth Hospital Association, Inc.
  • Fall River/New Bedford Regional MRI Limited Partnership
  • Franklin MRI Center, LLC
  • Lahey Clinic MRI Services, LLC
  • Mercy Imaging, Inc.
  • Massachusetts Bay MRI Limited Partnership
  • MRI/CT of Providence, LLC
  • Newton-Wellesley Imaging, PC
  • Newton Wellesley Orthopedic Associates, Inc.
  • Newton-Wellesley MRI Limited Partnership
  • NW Imaging Management Company, LLC (a Newton Wellesley Orthopedic Associates, Inc. business associate)
  • Northern MASS MRI Services, Inc.
  • PET-CT Services by Tufts Medical Center and Shields, LLC
  • Radiation Therapy of Winchester, LLC
  • Radiation Therapy of Southeastern Massachusetts, LLC
  • Shields CT of Brockton, LLC
  • Shields and Sports Medicine Atlantic Imaging Management Co, LLC (a
  • SportsMedicine Atlantic Orthopaedics P.A. business associate)
  • Shields Imaging at Anna Jaques Hospital, LLC
  • Shields Healthcare of Cambridge, Inc.
  • Shields Imaging at University Hospital, LLC
  • Shields Imaging Management at Emerson Hospital, LLC (an Emerson Hospital business associate)
  • Shields Imaging at York Hospital, LLC
  • Shields Imaging of Eastern Mass, LLC
  • Shields Imaging of North Shore, LLC
  • Shields Imaging of Lowell General Hospital, LLC
  • Shields Imaging of Portsmouth, LLC
  • Shields Management Company, Inc.
  • Shields Imaging with Central Maine Health, LLC (a Central Maine Medical Center business associate)
  • Shields PET/CT at CMMC, LLC
  • Shields MRI & Imaging Center of Cape Cod, LLC
  • Shields PET-CT at Cooley Dickinson Hospital, LLC
  • Shields MRI of Framingham, LLC
  • Shields PET_CT at Berkshire Medical Center, LLC
  • Shields PET-CT at Emerson Hospital, LLC
  • Shields Signature Imaging, LLC
  • Shields Radiology Associates, PC
  • Shields Sturdy PET-CT, LLC
  • Shields-Tufts Medical Center Imaging Management, LLC (a Tufts Medical Center, Inc. business associate)
  • South Shore Regional MRI Limited Partnership
  • Southeastern Massachusetts Regional MRI Limited Partnership
  • South Suburban Oncology Center Limited Partnership
  • SportsMedicine Atlantic Orthopaedics P.A.
  • Tufts Medical Center, Inc.
  • UMass Memorial MRI – Marlborough, LLC
  • UMass Memorial HealthAlliance MRI Center, LLC
  • UMass Memorial MRI & Imaging Center, LLC
  • Winchester Hospital / Shields MRI, LLC