According to officials, a cyberattack on a Massachusetts-based health care organization may have compromised the personal information of up to 2 million people.
Shields Health Care Group Inc., which provides imaging and ambulatory surgical services at dozens of locations, announced Tuesday on its website that data including names, Social Security numbers, dates of birth, and medical or treatment details may have been compromised.
The breach has been reported to federal law enforcement and the Office for Civil Rights at the U.S. Department of Health and Human Services. According to the agency’s website, 2 million people were affected. The FBI had no comment, according to a spokesperson.
Shields stated that it was “alerted to suspicious activity that could have resulted in data compromise.” “on March 28 and began investigating right away.
“From March 7, 2022 to March 21, 2022, an unknown actor gained access to certain Shields systems,” according to the investigation “According to the company. “Furthermore, the investigation revealed that the unknown actor obtained certain data during that time period.””
Shields said in a statement Wednesday that there is no evidence that any of the compromised information was used to commit identity theft or fraud.
The website notice stated, “Shields takes the confidentiality, privacy, and security of information in our care seriously.” “When we discovered the activity, we took steps to secure our systems, including rebuilding certain systems, and conducted a thorough investigation to confirm the nature and scope of the activity and to determine who may have been affected.””
The company’s investigation is ongoing, and once completed, those directly affected will be notified, according to officials.
Shields, based in Quincy, has approximately 40 locations, mostly in Massachusetts but also in New Hampshire and Maine.
Shields also included a list of dozens of potential facility partners, including Tufts Medical Center, Central Maine Medical Center, and UMass Memorial.
This month, FBI Director Christopher Wray told a Boston College cybersecurity conference that the agency had foiled a planned attack on Boston Children’s Hospital by hackers backed by the Iranian government.
The US government classifies health care as one of 16 critical infrastructure sectors, and health care providers are seen as easy targets for hackers.