Shields Health Care Group, Inc. (“Shields”) provides management and imaging services for dozens of covered entities in New England.
On March 28, 2022, Shields was alerted to suspicious activity that may have involved data compromise. Their investigation discovered that an unknown threat actor had access to certain systems between March 7 and March 21 and had acquired data within that time period.
Shields notes that although they had identified and investigated a security alert on or around March 18, 2022, data theft was not confirmed at that time.
The types of information that may have been acquired included full name, Social Security number, date of birth, home address, provider information, diagnosis, billing information, insurance number and information, medical record number, patient ID, and other medical or treatment information.
Read their full website statement here where you will find the list of affected facilities.
The incident was reported to HHS in May as impacting 2,000,000 patients but has only been added to HHS’s public breach tool now.