Dive Brief:
- Two million patients in New England who received care at almost 60 healthcare facilities affiliated with Shields Health Care Group, a medical imaging and outpatient surgical services provider, may have had their personal data exposed in a cyberattack earlier this year.
- An “unknown actor” gained access to Shields’ systems from March 7 to March 21. On March 28, Shields was alerted to suspicious activity and a subsequent investigation into the incident found that “certain data was acquired by the unknown actor within that time frame,” according to Massachusetts-based Shields.
- The attack, which Shields disclosed Tuesday, is the largest so far this year, according to the HHS’ data breach portal.
Dive Insight:
Cybersecurity breaches have been increasing in severity in the healthcare industry. Last year, a record 45 million people were affected by healthcare cyberattacks, more than triple the number of individuals affected in 2018, according to cybersecurity firm Critical Insight.
Healthcare companies face a perfect storm: attacks are advancing in aggression, complexity and volume; cyber threats are mounting from international events like Russia’s invasion of Ukraine; and cybersecurity typically isn’t a priority in hospital IT budgets, making up just 6% or less of IT spending, by one estimate.
Following Shields, the next-largest breach disclosed this year occurred at North Broward Hospital District in Florida, where the data of approximately 1.4 million patients was impacted. Like the Shields breach, the Broward event was also a hacking and IT incident, according to HHS’ Office of Civil Rights, which tracks healthcare data breaches affecting 500 or more individuals.
So far, Shields has found no evidence the attacker used any stolen data to commit identity theft or fraud. However, the information impacted was private and personal, including full names and addresses, Social Security numbers, medical diagnosis and billing information.
Impacted facilities include Tufts Medical Center in Boston, Emerson Hospital in Concord, Massachusetts, and clinics owned by UMass Memorial, a regional system in central Massachusetts, Shields disclosed.
Shields, which has notified federal law enforcement about the attack, is continuing to review impacted data. Once the review is completed, the company plans to directly contact any impacted individuals.
In another high-profile attack this year, Tenet, one of the largest for-profit health systems in the U.S., experienced a cybersecurity incident in April that disrupted operations.
Tenet has yet to disclose whether patient data was accessed.