Shields Health Care Group Inc.The data, which includes names, said in a notice on its website on Tuesday that it provides imaging and ambulatory surgical services at dozens of locations. Social security Numbers, dates of birth, and medical or treatment details are among the information that has been tampered with.
Violations have been reported to the Federal Law Enforcement Agency and the US Department of Health and Human Services Office for Civil Rights. The agency reported on its website that 2 million people had been affected. An FBI spokesman said the agency had no comment.
Shields said he was alerted on March 28 to “suspicious activity that could interfere with the data” and immediately launched an investigation.
“The investigation determined that the unidentified actor had access to certain shield systems from March 7, 2022 to March 21, 2022,” the company said. “Furthermore, the investigation revealed that certain data was acquired by an unknown actor within that time frame.”
Shields said in a statement Wednesday that there was no evidence that any tampered information was used to identify or cheat.
“Shields takes care of confidentiality, privacy and information security in our care,” the website notice said. “On the discovery, we took steps to secure our systems, including the reconstruction of certain systems, and conducted a thorough investigation to confirm the nature and scope of the activity and to determine who might be affected.”
A review of the company is ongoing, and once it is completed, those directly affected will be notified, officials said.
The Quincy-based Shields have about 40 locations, mostly in Massachusetts as well as New Hampshire and Maine.
Shields also includes a list of dozens of facility partners that may be affected, including Tufts Medical Center, Central Maine Medical Center and Yumas Memorial.
FBI Director Christopher Ray told a Boston College cybersecurity conference earlier this month that the agency had foiled a planned attack on Boston Children’s Hospital, which was carried out by hackers sponsored by the Iranian government.
Healthcare is classified by the US government as one of the 16 critical infrastructure sectors, and healthcare providers are seen as the right target for hackers.
