Shields Health Care Group, which provides services to dozens of clinics and hospitals across New England, has disclosed a data breach that affected a whopping 2 million patients.
In a notice to affected parties, Shields revealed that the company was alerted to suspicious activity on March 28 that may have involved data compromise.
Shields, which provides imaging services and outpatient surgical services to more than 50 medical centers in New England, says it immediately started investigating and worked with specialists to determine the full nature and scope of the event.
The cyberattack occurred between March 7 and March 21, during which time the attackers made off of patient data, according to the notice.
According to the US Department of Health and Human Services Office for Civil Rights’ breach portal, 2 million patient records were compromised in the attack, making it the largest healthcare breach so far this year.
Despite forensic evidence pointing to data theft, investigators have so far found no evidence to indicate that any information from this incident was used to commit identity theft or fraud.
Shields says the type of information that may have been impacted could include: full name, Social Security number, date of birth, home address, provider information, diagnosis, billing information, insurance number and information, medical record number, patient ID and other medical or treatment information.
“Upon discovery, we took steps to secure our systems, including rebuilding certain systems, and conducted a thorough investigation to confirm the nature and scope of the activity and to determine who may be affected,” Shields said.
Review of the impacted data is ongoing.
Shields said it has notified federal law enforcement and will report this incident to relevant state and federal regulators.
“Further, once we complete the review of the impacted data, we will directly notify impacted individuals where possible so that they may take further steps to help protect their information, should they feel it is appropriate to do so,” the notice reads.
A full list of affected medical centers can be found in the advisory. If you have any reason to believe your data was compromised as a result of this breach, monitor your accounts closely, keep an eye out for phishing attempts, and consider placing a fraud alert or credit freeze on your file.
Bitdefender Digital Identity Protection scans the web for unauthorized leaks of your personal data and verifies whether your accounts are exposed to prevent identity theft and fraud.