blog

Medical Service Provider Data Breach Affects 2 Million Users

Written by Securafy Team | Jul 1, 2022 3:00:00 PM

Depending on where you live, you may have received medical care from the Shields Health Care Group (Shields), or from a provider associated with them.

If so, be aware that the Massachusetts-based medical provider specializing in PET/CT scans, MRIs, radiation oncology, and ambulatory surgical services has been hacked.

The unknown hackers gained access to their network and stole data relating to more than 2 million users.

According to the breach notification that the company published on their website, Shield first became aware of the attack on March 28th of this year (2022).  Immediately after, they retained the services of third-party cybersecurity specialists, engaging them to assist in determining the scope and scale of the incident.

While that investigation is ongoing, here's what we know so far:

A currently unknown group attacked the network and gained access from March 7 to March 21, 2022.

Consequently, they were able to steal database records of more than two million users, which included the following information:

  • User full name
  • Social security number
  • User date of birth
  • User home address
  • Provider information
  • Patient diagnosis
  • Billing information
  • Insurance number and related information
  • Medical Record Number
  • Patient ID
  • And other assorted treatment information

This is serious and more than enough data was exfiltrated to allow the hackers to steal people's identities.  Whether they do it themselves or sell the information on the Dark Web remains to be seen. Either way, if your information was stolen because of this breach, you are very much at risk.

If you're not sure, it's worth your time to head to the Shields website.  There, you'll find a complete listing of all the impacted medical facilities.  If you received treatment from any facility on the list, be on the alert and watch your credit and banking statements closely.