2 Million Patient Records get Compromised in Healthcare Breach

Colin Thierry
Colin Thierry Writer
Colin Thierry Colin Thierry Writer

Shields Health Care Group, which provides services to numerous clinics and hospitals across New England, fell victim to a data breach that had impacted 2 million patients.

In a notice to affected patients, Shields revealed that the company was alerted to suspicious activity on March 28 that may have involved data compromise.

Shields said that it immediately started investigating and working with specialists to determine the full nature and scope of the event. The health care group provides imaging services and outpatient surgical services to more than 50 medical centers in New England.

The cyberattack occurred between March 7 and March 21, during which time the attackers stole patient data, according to the notice.

According to the US Department of Health and Human Services Office for Civil Rights’ breach portal, this was the largest healthcare breach so far in 2022 with 2 million patient records compromised.

While forensic evidence pointed to data theft, there is currently no evidence found by investigators to suggest that any information from this incident was used to commit identity theft or fraud.

Shields said that the type of information that may have been impacted could include full name, Social Security number, date of birth, home address, provider information, diagnosis, billing information, insurance number and information, medical record number, patient ID and, other medical or treatment information.

“Upon discovery, we took steps to secure our systems, including rebuilding certain systems, and conducted a thorough investigation to confirm the nature and scope of the activity and to determine who may be affected,” Shields said.

Review of the impacted data is still in progress.

Shields said that it has notified federal law enforcement and will report this incident to relevant state and federal regulators.

“Further, once we complete the review of the impacted data, we will directly notify impacted individuals where possible so that they may take further steps to help protect their information, should they feel it is appropriate to do so,” read the notice.

A full list of impacted medical centers can be found in the advisory.

About the Author

About the Author

Colin Thierry is a former cybersecurity researcher and journalist for SafetyDetectives who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.