Shields Health Care Group, Inc. Announces Data Breach

Console and Associates, P.C.

On July 22, 2022, Shields Health Care Group, Inc. filed an official notice of a data breach with various state government entities after an unauthorized party gained access to the company’s computer systems for a period of about two weeks. According to Shields, the breach resulted in the full names, Social Security numbers, dates of birth, home addresses, provider information, diagnosis, billing information, insurance numbers and information, medical record numbers, patient identification numbers, and other medical or treatment information of certain patients being compromised. After confirming the breach and identifying all affected parties, Shields Health Care Group began sending out data breach letters to all affected parties.

If you received a data breach notification, it is essential you understand what is at risk and what you can do about it. To learn more about how to protect yourself from becoming a victim of fraud or identity theft and what your legal options are in the wake of the Shields Health Care Group data breach, please see our recent piece on the topic here.

What We Know About the Shields Health Care Group Data Breach

The information about the Shields Health Care Group, Inc. data breach comes from the documents filed with various state governments as well as a notice provided on the company’s website. According to the most recently released information, on March 28, 2022, Shields Health Care Group was made aware of suspicious activity on its computer network. In response, the company engaged third-party forensic specialists to investigate the incident in hopes of learning more about its causes as well as whether any patient data was leaked as a result.

The company’s investigation revealed that an unauthorized party gained access to Shields Health Care Group’s computer system on March 7, 2022, and maintained access until March 21, 2022. The investigation also confirmed that the unauthorized party stole data from the company’s system.

Upon discovering that sensitive consumer data was stolen by an unauthorized party, Shields Health Care Group then began the process of reviewing all affected files to determine what information was compromised and which consumers were impacted by the incident. While the breached information varies depending on the individual, it may include your full name, Social Security number, date of birth, home address, provider information, diagnosis, billing information, insurance number and information, medical record number, patient identification number, and other medical or treatment information.

On July 22, 2022, Shields Health Care Group sent out data breach letters to all individuals whose information was compromised as a result of the recent data security incident.

Shields Health Care Group, Inc. explains in its data breach letter that the company provides management and imaging services on behalf of various health care facilities. Thus, it appears likely that the unauthorized party was able to access information belonging to patients of any of these affiliate facilities. The list of affiliated facilities provided by Shields Health Care Group includes:

  • Baystate Health Urgent Care, LLC

  • Baystate MRI & Imaging Center, LLC

  • Brighton Imaging Center, LLC

  • Cape Cod CT Services, LLC

  • Cape Cod Imaging Services, LLC (a business associate to Falmouth Hospital Association, Inc)

  • Cape Cod PET/CT Services, LLC

  • Cape Cod Radiation Therapy Service, LLC

  • Central Maine Medical Center

  • Emerson Hospital

  • Fall River/New Bedford Regional MRI Limited Partnership

  • Falmouth Hospital Association, Inc.

  • Franklin MRI Center, LLC

  • Lahey Clinic MRI Services, LLC

  • Massachusetts Bay MRI Limited Partnership

  • Mercy Imaging, Inc.

  • MRI/CT of Providence, LLC

  • Newton-Wellesley MRI Limited Partnership

  • NW Imaging Management Company, LLC (a business associate to Newton Wellesley Orthopedic Associates, Inc.)

  • Newton-Wellesley Imaging, PC

  • Newton Wellesley Orthopedic Associates, Inc.

  • Northern MASS MRI Services, Inc.

  • PET-CT Services by Tufts Medical Center and Shields, LLC

  • Shields and Sports Medicine Atlantic Imaging Management Co, LLC (a business associate to SportsMedicine Atlantic Orthopaedics P.A.)

  • Shields CT of Brockton, LLC

  • Shields Imaging at Anna Jaques Hospital, LLC

  • Shields Healthcare of Cambridge, Inc.

  • Shields Imaging at University Hospital, LLC

  • Shields Imaging at York Hospital, LLC

  • Shields Imaging Management at Emerson Hospital, LLC (a business associate to Emerson Hospital)

  • Shields Imaging of Eastern Mass, LLC

  • Shields Imaging of Lowell General Hospital, LLC

  • Shields Imaging of Portsmouth, LLC

  • Shields Imaging with Central Maine Health, LLC (a business associate to Central Maine Medical Center)

  • Shields Management Company, Inc.

  • Shields MRI & Imaging Center of Cape Cod, LLC

  • Shields MRI of Framingham, LLC

  • Shields PET/CT at CMMC, LLC

  • Shields PET_CT at Berkshire Medical Center, LLC

  • Shields PET-CT at Cooley Dickinson Hospital, LLC

  • Shields PET-CT at Emerson Hospital, LLC

  • Shields Radiology Associates, PC

  • Shields Signature Imaging, LLC

  • Shields Sturdy PET-CT, LLC

  • Shields-Tufts Medical Center Imaging Management, LLC (a business associate to Tufts Medical Center, Inc.)

  • South Shore Regional MRI Limited Partnership

  • Southeastern Massachusetts Regional MRI Limited Partnership

  • SportsMedicine Atlantic Orthopaedics P.A.

  • Tufts Medical Center, Inc.

  • UMass Memorial HealthAlliance MRI Center, LLC

  • UMass Memorial MRI – Marlborough, LLC

  • UMass Memorial MRI & Imaging Center, LLC

  • Winchester Hospital / Shields MRI, LLC

  • Radiation Therapy of Southeastern Massachusetts, LLC

  • Radiation Therapy of Winchester, LLC

  • South Suburban Oncology Center Limited Partnership

  • Shields Imaging of North Shore, LLC

More Information About Shields Health Care Group, Inc.

Based in Brighton, Massachusetts, Shields Health Care Group, Inc. is a healthcare company that provides a range of services to patients across New England. More specifically, Shields offers MRI, PET/CT, and ambulatory surgical services to patients at more than 40 locations in Massachusetts and Maine. Shields Health Care Group employs more than 754 people and generates approximately $200 million in annual revenue.

Protected Health Information Is a Common Target for Hackers

The Shields Health Care Group data breach affected several different types of patient data, including Social Security numbers, insurance information, health information and treatment information. While Shields did not use the term “protected health information” to describe the leaked data, it appears that the compromised patient information was indeed protected health information.

Protected health information is information that relates to a patient’s health condition or how a patient pays for their healthcare. For example, the results of an MRI or insurance claims information could both be considered protected health information. However, any leaked health information is only considered protected if it contains at least one identifier, such as a patient’s name, email address, physical address, photograph or Social Security number.

A healthcare data breach can result in more than just a headache. By stealing a patient’s protected health information, hackers have enough information to commit healthcare identity theft against the patient. Healthcare identity theft is often much harder to resolve and comes at a far greater cost to patients than traditional data breaches involving bank account or credit card information.

This is because healthcare data breaches can put patients’ physical health in jeopardy. Often, after a breach, a hacker sells patient data to a third party, who then uses this information to obtain medical care in the victim’s name. In doing so, the “fake patient” may provide doctors with their own information that ends up getting mixed up with the victim’s medical record. For example, a fake patient might give a treating physician a list of their own previous medical procedures, current medications or allergies. This can result in a patient’s medical record containing inaccurate information when they go to the doctor for treatment.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Console and Associates, P.C. | Attorney Advertising
