Personal data of 2 million leaked in cyberattack on Massachusetts healthcare group
Jonathan Greig June 7, 2022

Personal data of 2 million leaked in cyberattack on Massachusetts healthcare group

Personal data of 2 million leaked in cyberattack on Massachusetts healthcare group

The sensitive information of two million people was accessed during a cyberattack on Shields Health Care Group, a Massachusetts-based healthcare organization that provides services to dozens of hospitals and other medical facilities. 

The company – which provides MRI, radiology and ambulance services to hospitals in the state – released a notice about the incident, explaining that hackers were in its systems from March 7 to March 21.

The IT team at the company said it discovered the breach on March 28 but noted that it “had identified and investigated a security alert on or around March 18.” At that point, data theft was not confirmed.

The company said the hackers gained access to databases that contained full names, Social Security numbers, dates of birth, home addresses, provider information, diagnosis, billing information, insurance numbers and information, medical record numbers, patient IDs, and other medical or treatment information.

“Shields Health Care Group recently became aware of suspicious activity on its network. With the assistance of third-party forensic specialists, we took immediate steps to contain the incident and to investigate the nature and scope of the incident,” the company said in its notice about the breach

“Upon discovery, we took steps to secure our systems, including rebuilding certain systems, and conducted a thorough  investigation to confirm the nature and scope of the activity and to determine who may be affected.” 

Federal law enforcement agencies were notified about the incident and state regulators will be informed about it as well. The incident has already been reported to the U.S. Department of Health and Human Services Office for Civil Rights. 

After the company reviews the impacted data, it plans to send letters to people that were affected. The company did not say it was providing any identity theft protection services to the 2 million people affected. 

The company provides services to more than 50 hospitals and clinics across the northeast, including hospitals at universities like Emerson, UMass, Tufts, Wellesley and more.

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.