A major medical imaging and outpatient surgery firm in Massachusetts has reported a cyber attack that may have compromised the medical data and identity of millions of patients.
Shields Health Care Group said it recently became aware of suspicious activity that occurred on its network in March. Its investigation found that someone gained access to its systems and acquired data from March 7, 2022 to March 21, 2022. Although Shields said it had investigated a security alert on or around March 18, 2022, it had not confirmed any data theft at that time.
Shields provides management, surgical, imaging and other services for more than 50 health care facilities in New England including ones affiliated with Tufts Medical Center, Lahey Clinic, Baystate Health, Newton-Wellesley Hospital, UMass Memorial, Emerson Hospital, Winchester Hospital, Berkshire Medical Center, Maine Medical Center and numerous others.
According to the company, one in every three people in Massachusetts has an MRI done at one of its more than 25 locations.
Shields said it does not have any evidence that patient information has been used to commit identity theft or fraud. However, the type of information stolen could include full name, Social Security number, date of birth, home address, provider information, diagnosis, billing information, insurance number and information, medical record number, patient ID, and other medical or treatment information.
The firm said it has notified law enforcement and taken steps to secure its systems. Once its review is complete, the company said it will directly notify individuals where possible so that they may take further steps to help protect their information.
Last week FBI Director Christopher Wray reported on how last year his agency had thwarted an attempted cyberattack on Boston Children’s Hospital by an Iranian hacker group.